CVE-2024-31111

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.

Affected Software

VendorProductVersion RangeStatus
AutomatticWordPress6.5 <= 6.5.4affected
AutomatticWordPress6.4 <= 6.4.4affected
AutomatticWordPress6.3 <= 6.3.4affected
AutomatticWordPress6.2 <= 6.2.5affected
AutomatticWordPress6.1 <= 6.1.6affected
AutomatticWordPress6.0 <= 6.0.8affected
AutomatticWordPress5.9 <= 5.9.9affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References