Description
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
Remediation
References
Related Vulnerabilities
WordPress 4.4 Cross-Site Scripting Vulnerability (4.4)
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)
WordPress Plugin Wunderbar Basic Cross-Site Scripting (1.1.3)