{"id":"BIT-wordpress-2023-38000","summary":"Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block","details":"Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin \u003c= 16.8.0 versions.","aliases":["BIT-wordpress-multisite-2023-38000","CVE-2023-38000"],"modified":"2025-05-20T10:02:07.006Z","published":"2024-03-06T11:09:07.064Z","database_specific":{"cpes":["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"],"severity":"Medium"},"references":[{"type":"WEB","url":"https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve"},{"type":"WEB","url":"https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"},{"type":"WEB","url":"https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38000"}],"affected":[{"package":{"name":"wordpress","ecosystem":"Bitnami","purl":"pkg:bitnami/wordpress"},"ranges":[{"type":"SEMVER","events":[{"introduced":"5.9.0"},{"fixed":"5.9.8"},{"introduced":"6.0.0"},{"fixed":"6.0.6"},{"introduced":"6.1.0"},{"fixed":"6.1.4"},{"introduced":"6.2.0"},{"fixed":"6.2.3"},{"introduced":"6.3.0"},{"fixed":"6.3.2"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/wordpress/BIT-wordpress-2023-38000.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}],"schema_version":"1.7.3"}