WordPress 6.0.3 Security Update – 16 Vulnerabilities That Must Be Fixed

state-of-wordpress-security-in-2023

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code to exploit.

We want to share these vulnerabilities so you know them and take action to avoid a potentially hacked site.

1. Authenticated (Contributor+) Stored Cross-Site Scripting via RSS Widget/Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher:  N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

A contributor-level attacker could create a page on a site they controlled that returned an error code and a malicious script in the Content-Type response header. 

2. Authenticated Stored Cross-Site Scripting via Search Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: Alex Concha
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

It is possible for users that can edit posts to inject malicious JavaScript via the Search Block’s Text color and Background color attributes. 

Description: Authenticated Stored Cross-Site Scripting via Featured Image Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

Pre-Orders for Woocommerce

4 Models
Get Presales
in a Comprehensive way

Related Blogs
SEO Statistics for Multilingual Websites

We reviewed SEO Statistics for Multilingual Websites and in today’s fast-paced digital era, the internet connects people from all corners of the globe. With the world becoming more interconnected, businesses…

A Guide to WordPress Hooks, Actions, and Filters

Welcome to “A Guide to WordPress Hooks, Actions, and Filters.” In the vast realm of WordPress development, understanding hooks, actions, and filters is essential for unlocking the full potential of…

The Future of WordPress by 2025

WordPress has come a long way since its launch in 2003 as a simple blogging platform. Today, it powers over 40% of all websites, including some of the world’s most…

WordPress 6.0.3 Security Update – 16 Vulnerabilities That Must Be Fixed

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code to exploit….