Description
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
Remediation
References
Related Vulnerabilities
Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)
WordPress Plugin Smart Slider 3 PRO Cross-Site Scripting (3.5.0.8)
MySQL CVE-2016-0505 Vulnerability (CVE-2016-0505)
WordPress Plugin WPFront Scroll Top Cross-Site Scripting (2.0.6.07225)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5012)