Description WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. Remediation References CVE-2019-17674 Related Vulnerabilities WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-13292) WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4) WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0) WordPress Plugin Woocommerce Aliexpress Dropshipping Lite PHP Object Injection (1.0.1) Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-30253) Severity Medium Classification CVE-2019-17674 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities