PT-2019-5214 · WordPress · Wordpress

Published 2019-09-11 · Updated 2022-11-23 · CVE-2019-16780

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3
Description: A stored cross-site scripting (XSS) vulnerability exists in the block editor of the WordPress content management system. An authenticated user with low privileges, such as a contributor, can save post content containing a specially crafted payload that the editor does not neutralize. The script runs when a higher-privileged user, such as an administrator, opens the affected post in the editor, and it executes in that user's browser under that user's session. Exploitation therefore requires both an authenticated attacker and an action by the victim, which is reflected in the PR:L and UI:R components of the vector above.
Recommendations: Update WordPress to version 5.3.1 or later. WordPress also shipped the fix as security releases for the older supported branches, so a site that cannot move to the 5.3 branch should apply the corresponding security release for its branch. As a temporary workaround until the update is applied, restrict access to the block editor for lower-privileged users such as contributors. Note that this workaround only limits who can plant a payload; it does not remove content that such users have already saved, so review their existing posts before opening them in the editor.
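The workaround above, as an added example that is not part of this advisory or of WordPress core: a must-use plugin that sends users lacking the edit_others_posts capability (Contributors and, by default, Authors) to the classic editor through WordPress's use_block_editor_for_post filter, and shows users who can update core a dashboard notice while the installed version is still below 5.3.1. The file path, function names and the choice of edit_others_posts as the dividing line are assumptions. The filter only exists in WordPress 5.0 and later; on the older affected branches the block editor is only present through the separate Gutenberg plugin, which this file does not cover.

```php
<?php
/**
 * Plugin Name: Restrict block editor (temporary mitigation for CVE-2019-16780)
 * Description: Route users who cannot edit others' posts to the classic editor
 *              until the core update is applied.
 *
 * Assumed location: wp-content/mu-plugins/restrict-block-editor.php
 * Assumes WordPress 5.0 or later (where the block editor and the
 * use_block_editor_for_post filter ship with core).
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Never run outside of WordPress.
}

/**
 * Decide whether the current user may use the block editor for a given post.
 *
 * Users without edit_others_posts (Contributors and Authors in the default
 * role set) get the classic editor; Editors and Administrators keep the
 * block editor. If another filter already disabled it, leave it disabled.
 *
 * @param bool    $use_block_editor Value computed by core and earlier filters.
 * @param WP_Post $post             The post being edited (unused here).
 * @return bool
 */
function rbe_restrict_block_editor( $use_block_editor, $post ) {
    if ( ! $use_block_editor ) {
        return false;
    }
    return current_user_can( 'edit_others_posts' );
}
add_filter( 'use_block_editor_for_post', 'rbe_restrict_block_editor', 10, 2 );

/**
 * Remind users who can update core that the mitigation is temporary.
 *
 * The threshold follows the advisory's "5.3.1 or later". A site deliberately
 * kept on an older branch that received the backported fix will still see
 * this notice; adjust the threshold to that branch's security release.
 */
function rbe_core_version_notice() {
    if ( ! current_user_can( 'update_core' ) ) {
        return;
    }
    $version = get_bloginfo( 'version' );
    if ( version_compare( $version, '5.3.1', '<' ) ) {
        printf(
            '<div class="notice notice-warning"><p>%s</p></div>',
            esc_html( sprintf(
                'WordPress %s is affected by CVE-2019-16780; update to 5.3.1 or later. The block editor is currently restricted to users who can edit others\' posts.',
                $version
            ) )
        );
    }
}
add_action( 'admin_notices', 'rbe_core_version_notice' );
```

Dropping the file into wp-content/mu-plugins activates it without a dashboard step, and deleting the file removes the restriction once core has been updated. The capability check is deliberately coarse: it mirrors the advisory's intent of keeping the block editor away from lower-privileged accounts rather than attempting to filter the payload itself, which is the job of the core fix.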

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-01943
CVE-2019-16780
DSA-4599-1
DSA-4677-1
GHSA-X3WP-H3QX-9W94

Affected Products

Wordpress