Description
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Scripting (4.11.0.1)
WordPress Plugin Advanced Shipping Validation for WooCommerce Cross-Site Scripting (1.0.0)
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.9)
WordPress Comment Post Cross-Site Scripting Vulnerability (2.0)