Description
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Backup Migration Information Disclosure (1.3.5)
MySQL CVE-2022-21315 Vulnerability (CVE-2022-21315)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16)
WordPress Plugin Brizy-Page Builder Arbitrary File Upload (2.4.44)
WordPress Plugin WP Download Codes Cross-Site Scripting (2.5.1)