Description
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.