Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Felipe Santos

    (@foosantos)

    Hi @sincewelastspoke,

    I couldn’t really find a lot of details on that, but I would anyway recommend you use 16.8.0 to be safe.

    I can confirm that the Gutenberg team tends to be quite active on addressing vulnerabilities, and they are informed far before it is public.

    @sincewelastspoke, heyo.

    It’s difficult to call this a vulnerability, because in the context of the “attacked” website XSS doesn’t work. That is, WordPress is doing its job, and for a successful attack you need to perform a series of illogical actions, with an incomprehensible impact in the end. The CVSS Base Score of only 3.0 points speaks for itself: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N. So don’t worry about it.

    using the latest Version: 16.8.1

    Critical Problems:

    * The Plugin “Gutenberg” has a security vulnerability.


    Vulnerability Severity: 5.4/10.0 (Medium)

    announced by Wordfence?

    any ideas

    I have version 16.8.1

    Received the same alert from Wordfence just now.

    Critical Problems:

    * The Plugin “Gutenberg” has a security vulnerability.

    Vulnerability Severity: 5.4/10.0 (Medium) Vulnerability Information

    @phpnukes, @rajk748, I assume that due to the lack of a vulnerability there is also nothing to patch, so the report will simply increase the version number each time to the current one. A bit of a confusing situation.

  • The topic ‘Vulnerability with 16.7.1 and under’ is closed to new replies.