Description
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.6.2)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)
Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)
WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.3)
WordPress Plugin WishList Member X Remote Code Execution (3.25.1)