CVE-2024-31111
MEDIUM 6.5, EPSS 0.43%
WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability
Published: 2024/6/25, Modified: 2026/5/27
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.
Affected packages (5)
- Bitnami/wordpress: >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
- Bitnami/wordpress-multisite: >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
- Debian/wordpress: from 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpress: from 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpress: from 0, < 6.1.9+dfsg1-0+deb12u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
References (4)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2024-31111
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2024-31111
- WEB: https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve
- WEB: https://wordpress.org/news/2024/06/wordpress-6-5-5/