Impact
Low-privileged authenticated users (such as authors) in WordPress core are able to execute JavaScript through a stored XSS attack, which can affect high-privileged users.
Patches
This has been patched in WordPress version 5.8.3. Older affected versions have also been fixed via security releases, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled.
References
https://wordpress.org/news/category/releases/
https://hackerone.com/reports/425342
For more information
If you have any questions or comments about this advisory: