Description markdown-it before 4.1.0 does not block data: URLs. Remediation References CVE-2015-3295 Related Vulnerabilities WordPress Plugin Easy PayPal Buy Now Button Cross-Site Scripting (1.7.3) e107 Other Vulnerability (CVE-2006-5786) WordPress Plugin User Registration-Custom Registration Form, Login Form, and User Profile Privilege Escalation (3.2.0.1) Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224) WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669) Severity Medium Classification CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities