PT-2021-4511 · WordPress · Wordpress

Ehti
Published: 2021-09-09
Updated: 2024-03-06
CVE: CVE-2021-39201
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8
Description: The issue allows an authenticated but low-privileged user, such as a contributor or author, to execute cross-site scripting (XSS) through the editor, bypassing the restrictions imposed on users who lack the permission to post unfiltered HTML (the unfiltered_html capability).
Recommendations: Update to WordPress 5.8, or keep auto-updates enabled so that the backported fix is received through a minor release of an older branch. Until the fix is applied, consider restricting editor access for low-privileged users as a temporary workaround.

Vulnerability type: XSS

Related Identifiers

BDU:2021-05149
BIT-WORDPRESS-2021-39201
BIT-WORDPRESS-MULTISITE-2021-39201
CVE-2021-39201
DSA-4985-1
GHSA-WH69-25HR-H94V

Affected Products: WordPress