{"id":"CVE-2024-31111","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.","aliases":["BIT-wordpress-2024-31111","BIT-wordpress-multisite-2024-31111"],"modified":"2026-01-27T04:19:39.386206Z","published":"2024-06-25T13:15:49Z","withdrawn":"2026-01-27T04:19:39.386206Z","references":[{"type":"WEB","url":"https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve"},{"type":"WEB","url":"https://wordpress.org/news/2024/06/wordpress-6-5-5/"}],"schema_version":"1.7.3"}