Description
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.
Remediation
References