Description
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Remediation
References
Related Vulnerabilities
WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-0738)
WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.24.0)
WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)