Description
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2)
WordPress Plugin Custom Login Page Customizer-LoginPress Multiple Vulnerabilities (1.1.13)
WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)