Medium severity6.5NVD Advisory· Published Oct 13, 2023· Updated Jun 17, 2026
CVE-2023-38000
CVE-2023-38000
Description
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: <=16.8.0
- Range: 6.3 - 6.3.1, 6.2 - 6.2.2, 6.1 - 6.1.3, 6.0 - 6.0.5, 5.9 - 5.9.7
- osv-coords2 versions
>= 5.9.0, < 5.9.8+ 1 more
- (no CPE)range: >= 5.9.0, < 5.9.8
- (no CPE)range: >= 5.9.0, < 5.9.8
- Range: n/a
Patches
Vulnerability mechanics
References
3- patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisorynvdExploitThird Party Advisory
- patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerabilitynvdThird Party Advisory
- patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerabilitynvdThird Party Advisory
News mentions
0No linked articles in our index yet.