Description
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962)
Microsoft SQL Server CVE-2023-36420 Vulnerability (CVE-2023-36420)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)