What the vulnerability does
01Description
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
CVE-2024-40743
CVE-2024-40743: [20240805] - Core - XSS vectors in Outputfilter::strip* methods
CVSS base score
—
Key dates
02Disclosure timeline
August 20, 2024
CVE published
November 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2023-32296 WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-46226 WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2022-32247
CVE-2023-45006 WordPress WooODT Lite Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
