Description WordPress before 5.2.3 allows XSS in post previews by authenticated users. Remediation References CVE-2019-16223 Related Vulnerabilities Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000194) Oracle Application Server CVE-2009-1017 Vulnerability (CVE-2009-1017) WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7) Oracle HTTP Server Other Vulnerability (CVE-2020-35166) WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3) Severity Medium Classification CVE-2019-16223 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities