5.9
CVE-2025-58674
- EPSS 0.03%
- Veröffentlicht 23.09.2025 19:15:41
- Zuletzt bearbeitet 28.04.2026 19:34:13
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability
WordPress <= 6.8.2 - Authenticated (Author+) Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector.This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 4.7.31, 4.8.27, 4.9.28, 5.0.24, 5.1.21, 5.2.23, 5.3.20, 5.4.18, 5.5.17, 5.6.16, 5.7.14, 5.8.12, 5.9.12, 6.0.11, 6.1.9, 6.2.8, 6.3.7, 6.4.7, 6.5.7, 6.6.4, 6.7.4, 6.8.3
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerWordPress
≫
Produkt
WordPress
Default Statusunaffected
Version <=
6.8.2
Version
6.8
Status
affected
Version <=
6.7.3
Version
6.7
Status
affected
Version <=
6.6.3
Version
6.6
Status
affected
Version <=
6.5.6
Version
6.5
Status
affected
Version <=
6.4.6
Version
6.4
Status
affected
Version <=
6.3.6
Version
6.3
Status
affected
Version <=
6.2.7
Version
6.2
Status
affected
Version <=
6.1.8
Version
6.1
Status
affected
Version <=
6.0.10
Version
6.0
Status
affected
Version <=
5.9.11
Version
5.9
Status
affected
Version <=
5.8.11
Version
5.8
Status
affected
Version <=
5.7.13
Version
5.7
Status
affected
Version <=
5.6.15
Version
5.6
Status
affected
Version <=
5.5.16
Version
5.5
Status
affected
Version <=
5.4.17
Version
5.4
Status
affected
Version <=
5.3.19
Version
5.3
Status
affected
Version <=
5.2.22
Version
5.2
Status
affected
Version <=
5.1.20
Version
5.1
Status
affected
Version <=
5.0.23
Version
5.0
Status
affected
Version <=
4.9.27
Version
4.9
Status
affected
Version <=
4.8.26
Version
4.8
Status
affected
Version <=
4.7.30
Version
4.7
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-4.7
Version
4.7-4.7.30
Version
4.8-4.8.26
Version
4.9-4.9.27
Version
5.0-5.0.23
Version
5.1-5.1.20
Version
5.2-5.2.22
Version
5.3-5.3.19
Version
5.4-5.4.17
Version
5.5-5.5.16
Version
5.6-5.6.15
Version
5.7-5.7.13
Version
5.8-5.8.11
Version
5.9-5.9.11
Version
6.0-6.0.10
Version
6.1-6.1.8
Version
6.2-6.2.7
Version
6.3-6.3.6
Version
6.4-6.4.6
Version
6.5-6.5.6
Version
6.6-6.6.3
Version
6.7-6.7.3
Version
6.8-6.8.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.072 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| audit@patchstack.com | 5.9 | 1.7 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.