Description WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. Remediation References CVE-2019-17674 Related Vulnerabilities WordPress Plugin Better Search SQL Injection (2.2.2) WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (6.5.00) MySQL CVE-2020-14559 Vulnerability (CVE-2020-14559) Drupal Core 4.7.x SQL Injection (4.7.0) Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1502) Severity Medium Classification CVE-2019-17674 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities