PT-2024-11910 · WordPress · Wordpress
John Blackbourn +1
Published: 2024-10-15 · Updated: 2024-10-30
CVE-2022-4973
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WordPress Core versions up to 6.0.2
Description: The issue allows users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors, to inject arbitrary web scripts into posts and pages. These scripts execute whenever the the_meta() function is called on that page, so any user with editor access can plant malicious scripts that run when the page is rendered.
Recommendations: For WordPress Core versions up to 6.0.2, update to a version later than 6.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the post and page editor to minimize the risk of exploitation. Additionally, avoid using the the_meta() function until the issue is resolved.
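The following is an added illustration of the failure mode the advisory describes and of the output-escaping that removes it; it is not WordPress's own the_meta() code and not part of the PT advisory. It assumes PHP 8 (for str_contains) and treats esc_html() as WordPress's HTML-escaping helper, with a plain-PHP fallback so the file runs outside WordPress. The custom-field values are constructed sample data.

```php
<?php
// Added illustration: a minimal stand-in for a template helper that prints a
// post's custom fields as a list, in the shape described by the advisory.
// Not WordPress's own the_meta() code. esc_html() is WordPress's escaping
// helper; the fallback below is defined only so this file runs stand-alone.

if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample: custom fields as a low-privilege editor user could save
// them through the post editor. The second value carries an inline script.
$custom_fields = [
    'mood'  => ['relaxed'],
    'notes' => ['<script>alert(document.domain)</script>'],
];

// Weak pattern: key and value are interpolated into markup verbatim, so any
// markup stored in the field is rendered as markup when the page is viewed.
function render_meta_unescaped(array $fields): string {
    $html = "<ul class='post-meta'>\n";
    foreach ($fields as $key => $values) {
        $value = implode(', ', array_map('trim', $values));
        $html .= "<li><span class='post-meta-key'>{$key}:</span> {$value}</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: everything that came from the database is passed through
// esc_html() at output time, so the same stored value renders as literal text.
function render_meta_escaped(array $fields): string {
    $html = "<ul class='post-meta'>\n";
    foreach ($fields as $key => $values) {
        $value = implode(', ', array_map('trim', $values));
        $html .= sprintf(
            "<li><span class='post-meta-key'>%s</span> %s</li>\n",
            esc_html($key . ':'),
            esc_html($value)
        );
    }
    return $html . "</ul>\n";
}

// Quick check a theme author can run against their own helpers: the hardened
// output must never contain a raw <script tag for any stored field value.
$weak = render_meta_unescaped($custom_fields);
$safe = render_meta_escaped($custom_fields);
assert(str_contains($weak, '<script>'));
assert(!str_contains($safe, '<script>'));
assert(str_contains($safe, '&lt;script&gt;'));
echo $safe;
```

Run it with php on the command line; the unescaped renderer reproduces the stored script tag in its output while the escaped renderer emits it as text. The same check (grep the rendered page for raw script tags while a test custom field holds one) is a cheap way to confirm that a theme or plugin that prints custom fields escapes at output rather than trusting what editors stored.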

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-WORDPRESS-2022-4973
BIT-WORDPRESS-MULTISITE-2022-4973
CVE-2022-4973

Affected Products

Wordpress