Description
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2008-2590 Vulnerability (CVE-2008-2590)
Oracle JRE CVE-2014-2421 Vulnerability (CVE-2014-2421)
WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)
Telerik Web UI Inadequate Encryption Strength Vulnerability (CVE-2017-11317)
WordPress Plugin Custom Website Data Cross-Site Request Forgery (1.2)