PT-2019-5215 · WordPress · Wordpress

Simon Scannell · Published 2019-09-11 · Updated 2023-01-19 · CVE-2019-16781

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.3.1

Description: The issue is a Cross-Site Scripting (XSS) vulnerability in the block editor of the WordPress content management system. It can be exploited by authenticated users with lower privileges, such as contributors, who can inject JavaScript code through the block editor. The injected code is executed within the dashboard when an administrator opens the affected post in the editor, resulting in an XSS attack. This can allow a remote attacker to compromise the integrity of the data.

Recommendations: For versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the block editor for lower-privileged users until the update is applied.

Fix

Weakness Enumeration: XSS

Related Identifiers

BDU:2020-01944
CVE-2019-16781
DSA-4599-1
DSA-4677-1
GHSA-PG4X-64RH-3C9V

Affected Products

Wordpress