Description
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2016-0688 Vulnerability (CVE-2016-0688)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4718)
Apache mod_rewrite off-by-one buffer overflow vulnerability
WordPress Plugin Clik stats Open Redirect (0.8)
WordPress Plugin WP App Maker Cross-Site Scripting (1.0.16.4)