CVE-2023-38000

Name of the Vulnerable Software and Affected Versions WordPress core versions 5.9 through 5.9.7 WordPress core versions 6.0 through 6.0.5 WordPress core versions 6.1 through 6.1.3 WordPress core versions 6.2 through 6.2.2 WordPress core versions 6.3 through 6.3.1 Gutenberg plugin versions <= 16.8.0

Description The issue is an Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions. The vulnerability affects WordPress core and the Gutenberg plugin.

Recommendations For WordPress core versions 5.9 through 5.9.7, update to a version later than 5.9.7. For WordPress core versions 6.0 through 6.0.5, update to a version later than 6.0.5. For WordPress core versions 6.1 through 6.1.3, update to a version later than 6.1.3. For WordPress core versions 6.2 through 6.2.2, update to a version later than 6.2.2. For WordPress core versions 6.3 through 6.3.1, update to a version later than 6.3.1. For Gutenberg plugin versions <= 16.8.0, update to a version later than 16.8.0.