Description
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Remediation
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)
WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.3.0)
WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.3.2)
WordPress Plugin Slider Hero with Animation, Video Background SQL Injection (8.2.6)