{"id":"CVE-2022-43500","details":"Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.","aliases":["BIT-wordpress-2022-43500","BIT-wordpress-multisite-2022-43500"],"modified":"2026-05-18T05:54:02.633124059Z","published":"2022-12-05T00:00:00Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"versions prior to 6.0.3"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"jpcert","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43500.json"},"references":[{"type":"WEB","url":"https://jvn.jp/en/jp/JVN09409909/index.html"},{"type":"WEB","url":"https://wordpress.org/download/"},{"type":"WEB","url":"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43500.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43500"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress","events":[{"introduced":"0"},{"fixed":"1015e926e9dd093fd57abbf0cb38c2ead1b18606"},{"introduced":"36470a480cac07d34a355e9f8a9409c1349b6e07"},{"fixed":"35d45c1d2f75a7b53914695221b7d69f6670ba4e"},{"introduced":"54a3b49fa91b7beeb3da2f448154f9e75f005a9a"},{"fixed":"b85f668baaa8512504fb22927e9fbc2957e94922"},{"introduced":"842221094a5011886291b21fd7c705835d69e0bc"},{"fixed":"96f8cd0b915e1d1dbb3fa486daf4acd7d49930ec"},{"introduced":"e5e791f331d371ad6262c1893d84f5f2b6c26464"},{"fixed":"b7434667f46c304c61fd67e543c221ba5728f597"},{"introduced":"87bf150016e042bc3e21f2f1cb9de44042b8cdb1"},{"fixed":"f5880f4d02f1957697570e0b3cf4a813054bbe1b"},{"introduced":"b57f3aa5f00a127f209eff74b78787dd3fd5ed4d"},{"fixed":"22c16c8445f2b029602ee63b5202c9d82c7ab30d"},{"introduced":"f6a29831c76d2dbe82e9ae673539f910654c58a4"},{"fixed":"f33f6d309843cdebd60449206958e879f413d311"},{"introduced":"e3aafee3f2bc07e09bf79389f20ea3db731466c3"},{"fixed":"2e549d964d7d2f19cb1ef2e3b5b47444b39b11dd"},{"introduced":"fe47e6139dbfc0f0c9ce0d79da77926b5fceaa77"},{"fixed":"e4911395ef64e4cbec8d2ba114fab35153a3ba7b"},{"introduced":"14247ee4302378d292863865c643abe99bbfe3c7"},{"fixed":"8e2b69f9358ce6bb302b8bc3a946faefabe2f0e2"},{"introduced":"06fa4161aa74619239cf27017d124081c825684a"},{"fixed":"5926c50520b061982d20d91cb4fa42cca828b623"},{"introduced":"29ffbff370968ae48a1b7a34e35c8b8e75cf0f91"},{"fixed":"2d05d25bdc7fa8924c135629cefb3099b9e953bf"},{"introduced":"491c67be12ca8a9fe37ae38307ba7e298c976ec3"},{"fixed":"401404d7e0b62d33c02b07ec687b47bdce1f6b4e"},{"introduced":"c33464a4554cff8a082bc353d9226d8104b80d2b"},{"fixed":"75943626d3cf5165563b7cb9462af4475b9a001c"},{"introduced":"6fe64752be3260f2a47f38e68c2cb77400e5a0c9"},{"fixed":"59d2ead33b331122fb9c90c584b92fbd82c0b828"},{"introduced":"50dc0ca5bb332c895f0f39fe4e6ee1e4a43e06dc"},{"fixed":"ca1dbac5794da97d69a608db4a737f9e10672a8d"},{"introduced":"9ff4499281663b0c772787fd4a60538288f842e9"},{"fixed":"365ed456cfcc225e7928f9bba443fe7b0da5a543"},{"introduced":"537fd931bc02e6e934a2d774422b897871aa87ad"},{"fixed":"fec4d1020d870da730c587346554998202ac41fa"},{"introduced":"965fcddcf68cf4fd122ae24b992e242dfea1d773"},{"fixed":"863c3dfd9353f8859d26409d570d425dc94b3115"},{"introduced":"058f9903676a7efaee534a682df0a2a8b87574d8"},{"fixed":"02b981c95e1d071df1512c9f4352a68ed9fd867f"},{"introduced":"50caeb6e61ad0c49d2c7e1d6d5115047a011f590"},{"fixed":"8f1610822d90430432ecb5ca76ca667c06d26a7d"},{"introduced":"73157386d069425c5e6ea7c4fc0122e8a9b58a7b"},{"fixed":"dc4ed36203ed6ad455303cef3b5d41f54d04994e"},{"introduced":"cc101b64012b16d087780657a2b828ccd7794a63"},{"fixed":"c1beb8d2b85c79027a1b6057ab17916944b6144c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.7.40"},{"introduced":"3.8"},{"fixed":"3.8.40"},{"introduced":"3.9"},{"fixed":"3.9.39"},{"introduced":"4.0"},{"fixed":"4.0.37"},{"introduced":"4.1"},{"fixed":"4.1.37"},{"introduced":"4.2"},{"fixed":"4.2.34"},{"introduced":"4.3"},{"fixed":"4.3.30"},{"introduced":"4.4"},{"fixed":"4.4.29"},{"introduced":"4.5"},{"fixed":"4.5.28"},{"introduced":"4.6"},{"fixed":"4.6.25"},{"introduced":"4.7"},{"fixed":"4.7.25"},{"introduced":"4.8"},{"fixed":"4.8.21"},{"introduced":"4.9"},{"fixed":"4.9.22"},{"introduced":"5.0"},{"fixed":"5.0.18"},{"introduced":"5.1"},{"fixed":"5.1.15"},{"introduced":"5.2"},{"fixed":"5.2.17"},{"introduced":"5.3"},{"fixed":"5.3.14"},{"introduced":"5.4"},{"fixed":"5.4.12"},{"introduced":"5.5"},{"fixed":"5.5.11"},{"introduced":"5.6"},{"fixed":"5.6.10"},{"introduced":"5.7"},{"fixed":"5.7.8"},{"introduced":"5.8"},{"fixed":"5.8.6"},{"introduced":"5.9"},{"fixed":"5.9.5"},{"introduced":"6.0"},{"fixed":"6.0.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"}}],"versions":["4.9.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43500.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress-develop","events":[{"introduced":"0"},{"fixed":"756915de8c5dbe6c9b210299ec8ce8d524f9dfaf"},{"introduced":"36e5687edb263228eb912d542ebad988e0672beb"},{"fixed":"984f17b49eda7f6376879e4fa3efa8689763effe"},{"introduced":"c1b5c599c9d8d83ba3a1dcfe31570d1b0f6b4c3e"},{"fixed":"62cac0fe906a1abd00de540e0155bebbd213b510"},{"introduced":"a3a0dab49ed5b740b3f05e48b06b0b259641e2d0"},{"fixed":"1628d676373350de9ad0fb180697d86646916847"},{"introduced":"470529c2bf211450e91f01ceadaa9fc97a2b4031"},{"fixed":"07c94f5f74309fce5b04b6ff099395390782d193"},{"introduced":"7b07c0ccc7453ce057e009ffa65f12a02ce7d2ee"},{"fixed":"12229fb05d511d1bffb02d5598d857b949b5ea14"},{"introduced":"ec8826ed50f8ce0eea39900eeeba09a9d621f00e"},{"fixed":"bee6c87e5d2f381c653ad99ba7d3944d18d7e922"},{"introduced":"b5f6ca5af6e29fe5df7a65d512b177fa465cfa2e"},{"fixed":"332dd08ee23c9be3aae3423ee5bb8f23c17b66fb"},{"introduced":"7acf453090c10537e6f41fc4cf2608d7bbcce8ca"},{"fixed":"a44891d91d63aabf76ee3c1debc28108daccc692"},{"introduced":"7c76a1b79e21176b176b5b6d6b03151f8eea4b55"},{"fixed":"f32dd40a9afeb2057c524212b2cacb3580ce0616"},{"introduced":"efa83f48bd4ebd066e5efc94b9feefe50e7925a2"},{"fixed":"a9913067c2e9ba7cf7d1560d9a39656f854fadf4"},{"introduced":"2ac9b801ef5c18accf223b093529dacfcf809133"},{"fixed":"0811abd00138bd95ce0c4ed5eb69ecab484e1e2b"},{"introduced":"31f7ece8503f0dc6ef1df2473ae3f3d352973e12"},{"fixed":"6789da3be3f4f8eb5040422a065da6c1ef3f3b0d"},{"introduced":"b3bf6266acd61682bc654845f621b4426645e324"},{"fixed":"3c1521cf0e6703d3228435822e1a4f1ccf6e8648"},{"introduced":"5aa596fee9bf6ea7f0ccc2ed51b16c0f2f04076b"},{"fixed":"29064f916ede1e92eec2bb5ef54d9a7878174203"},{"introduced":"1cf3888655c0eb8b0b0539834ad67db5920190d7"},{"fixed":"5c5d5e387fbf9204fd8893dd4a871f7b73d6f8ba"},{"introduced":"d05f0a86b23e37b9d97acd9317ff3fd661d64dea"},{"fixed":"6b3c2b1e20d301994372ae23d724b3ebc69b1754"},{"introduced":"e0bedd676512ace4c5586337c072037298315f79"},{"fixed":"990a692c93b3559e72d66de6ae2fa011f7e5e911"},{"introduced":"944a787b8071d3a27f4ac68980c21ed6137db91d"},{"fixed":"887bb02dda9c649d75ab66bd9af95e31bcdfe0c3"},{"introduced":"96a6969aab5f0b9362cbc984af230bdfc93022e8"},{"fixed":"f26b78ecb39fe88d4271c921388a69006979d1e3"},{"introduced":"895d6a691d7ccdfe80cdf999bc0c8a78d11ad55a"},{"fixed":"5037287442cfbdaee38e468ccae818c53bc79cc2"},{"introduced":"4b54a6c2c9a3be775cc6dda66ed207998b068c8f"},{"fixed":"78173e9773eea728774bec1c6556c29ad46a76e9"},{"introduced":"b83a8be65054cd890e24c7c1416ebbb39aeb4c09"},{"fixed":"7268fe465f2589a7dc793e3f93aceea763f1aded"},{"introduced":"1c0a2efa5eac05dfd3b7d2b9cfe68e02da55b966"},{"fixed":"75f4a8a2a567b28283fd4d457a713a5e770df216"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.7.40"},{"introduced":"3.8"},{"fixed":"3.8.40"},{"introduced":"3.9"},{"fixed":"3.9.39"},{"introduced":"4.0"},{"fixed":"4.0.37"},{"introduced":"4.1"},{"fixed":"4.1.37"},{"introduced":"4.2"},{"fixed":"4.2.34"},{"introduced":"4.3"},{"fixed":"4.3.30"},{"introduced":"4.4"},{"fixed":"4.4.29"},{"introduced":"4.5"},{"fixed":"4.5.28"},{"introduced":"4.6"},{"fixed":"4.6.25"},{"introduced":"4.7"},{"fixed":"4.7.25"},{"introduced":"4.8"},{"fixed":"4.8.21"},{"introduced":"4.9"},{"fixed":"4.9.22"},{"introduced":"5.0"},{"fixed":"5.0.18"},{"introduced":"5.1"},{"fixed":"5.1.15"},{"introduced":"5.2"},{"fixed":"5.2.17"},{"introduced":"5.3"},{"fixed":"5.3.14"},{"introduced":"5.4"},{"fixed":"5.4.12"},{"introduced":"5.5"},{"fixed":"5.5.11"},{"introduced":"5.6"},{"fixed":"5.6.10"},{"introduced":"5.7"},{"fixed":"5.7.8"},{"introduced":"5.8"},{"fixed":"5.8.6"},{"introduced":"5.9"},{"fixed":"5.9.5"},{"introduced":"6.0"},{"fixed":"6.0.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"}}],"versions":["4.9.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43500.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}