Description
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Stock Ticker Security Bypass (3.23.0)
WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)
WordPress Plugin Site Reviews Multiple Vulnerabilities (6.5.1)