WordPress · WordPress · CVE-2021-39202
**Name of the Vulnerable Software and Affected Versions**
WordPress versions 5.8 beta 1 through 5.8
**Description**
The issue is related to improper handling of HTML input in the Custom HTML feature of the widgets editor, introduced in WordPress 5.8 beta 1. This leads to stored XSS in the custom HTML widget. The vulnerability allows a remote attacker to inject arbitrary web script or HTML.
**Recommendations**
For WordPress versions 5.8 beta 1 through 5.8, update to WordPress 5.8 or later to resolve the issue. As a temporary workaround, consider disabling the Custom HTML feature in the widgets editor until a patch is available. Restrict access to the custom HTML widget to minimize the risk of exploitation. Avoid using the Custom HTML feature in the widgets editor until the issue is resolved.
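
To review what is already stored in Custom HTML widgets, the following added example (not part of the original advisory or of WordPress itself) audits widget content for script-capable markup. It assumes the widget instances were exported as JSON from the `widget_custom_html` option, for example with `wp option get widget_custom_html --format=json`; the sample data is constructed.

```python
import json
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ActiveContentFinder(HTMLParser):
    """Records markup that can run script when the widget is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace and control characters before checking the
                # scheme; browsers strip tabs, newlines and leading spaces.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name} on <{tag}>")

def audit_widgets(option_json):
    """Return {instance_id: [findings]} for widget instances needing review."""
    report = {}
    for key, instance in json.loads(option_json).items():
        if not isinstance(instance, dict):  # skips the "_multiwidget" flag
            continue
        finder = ActiveContentFinder()
        finder.feed(instance.get("content") or "")
        finder.close()
        if finder.findings:
            report[key] = finder.findings
    return report

# Constructed sample, shaped like an export of the widget_custom_html option.
SAMPLE = json.dumps({
    "2": {"title": "About", "content": "<p>Opening hours: <b>9-17</b></p>"},
    "3": {"title": "Promo", "content": '<img src="banner.png" onerror="track()">'},
    "4": {"title": "Stats", "content": '<script src="https://cdn.example/s.js"></script>'},
    "_multiwidget": 1,
})

if __name__ == "__main__":
    for widget_id, findings in audit_widgets(SAMPLE).items():
        print(widget_id, findings)
```

A finding marks a widget for review rather than proving compromise, since users with the `unfiltered_html` capability can place scripts in this widget legitimately.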