CVE-2022-33994

Published: Jul 30, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/

x_refsource_MISC

https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-33994

Description

Affected Products

References