Description
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
WordPress Cleartext Storage of Sensitive Information Vulnerability (CVE-2017-14990)
Oracle JRE CVE-2020-2805 Vulnerability (CVE-2020-2805)
WordPress Plugin SoundCloud Is Gold 'width' Parameter Cross-Site Scripting (2.1)
WordPress Plugin Download Monitor Cross-Site Scripting (1.7.0)
WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)