WF-954b8064-f317-4af4-a55f-9a61ee945006-gutenberg

WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution via Block Editor

mediumImproperly Controlled Modification of Dynamically-Determined Object Attributes

5.4

CVSS Score

5.4

CVSS Score

medium

Severity

12.7.2

Patched in

683d

Time to patch

Description

WordPress Core in various versions < 5.9.2 and Gutenberg versions less than 12.7.2 are vulnerable to prototype pollution via the block editor which could make injecting malicious web scripts possible in some cases.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Low

Confidentiality

Low

Integrity

None

Availability

Technical Details

Affected versions<12.7.2

PublishedMarch 11, 2022

Last updatedJanuary 22, 2024

Affected plugingutenberg

What Changed in the Fix

Changes introduced in v12.7.2

Trac

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/954b8064-f317-4af4-a55f-9a61ee945006?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database