Description
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
Remediation
References
Related Vulnerabilities
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.7)
WordPress Plugin GD Star Rating 'votes' Parameter SQL Injection (1.9.8)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2484)
WordPress Plugin SearchAutocomplete 'tags.php' SQL Injection (1.0.8)
WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (1.0.61)