Description
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
Remediation
References
Related Vulnerabilities
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.1)
MySQL CVE-2019-2963 Vulnerability (CVE-2019-2963)
WordPress Plugin Quick Paypal Payments Cross-Site Scripting (3.0)
WordPress Plugin SEO Smart Links Cross-Site Scripting (3.0.1)
WordPress Plugin PowerPack for Beaver Builder Privilege Escalation (2.33.0)