CVE-2024-31111
MEDIUM 6.5 | EPSS 0.43%
WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability
Published: 6/25/2024
Modified: 5/27/2026
Also known as: DEBIAN-CVE-2024-31111
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.
Affected packages (5)
- Bitnami/wordpress: >= 5.9.0, < 5.9.10; >= 6.0.0, < 6.0.9; >= 6.1.0, < 6.1.7; >= 6.2.0, < 6.2.6; >= 6.3.0, < 6.3.5; >= 6.4.0, < 6.4.5; >= 6.5.0, < 6.5.5
- Bitnami/wordpress-multisite: >= 5.9.0, < 5.9.10; >= 6.0.0, < 6.0.9; >= 6.1.0, < 6.1.7; >= 6.2.0, < 6.2.6; >= 6.3.0, < 6.3.5; >= 6.4.0, < 6.4.5; >= 6.5.0, < 6.5.5
- Debian/wordpress: from 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpress: from 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpress: from 0, < 6.1.9+dfsg1-0+deb12u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
References (4)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2024-31111
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2024-31111
- WEB: https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve
- WEB: https://wordpress.org/news/2024/06/wordpress-6-5-5/