[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feFxtVGfylQOFPTx5rZkA2tevaKV1S2h1KYRTtVSHOOw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":22},"CVE-2022-43500","wordpress-core-gutenberg-authenticated-cross-site-scripting-in-various-blocks","WordPress Core \u003C 6.0.3 & Gutenberg \u003C 14.3.1 - Authenticated Cross-Site Scripting in Various Blocks","WordPress Core in versions up to 6.0.3 and the Gutenberg plugin for WordPress in versions up to 14.3.1 are vulnerable to Stored Cross-Site Scripting due to insufficient output escaping on user supplied input. The RSS widget, Search Block, Featured Image Block, RSS Block, and Navigation Block are all affected components. This makes it possible for authenticated users with access to the block editor to inject malicious web scripts that may execute whenever accessing the page.","gutenberg",null,"\u003C=14.3.0","14.3.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-10-18 00:00:00","2025-04-30 20:02:08",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F438fbd3f-052b-4a6d-acd2-233a93d56cbb?source=api-prod",926,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgutenberg%2Ftags%2F14.3.0&new_path=%2Fgutenberg%2Ftags%2F14.3.1"]