Impact
The widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget.
Patches
This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.
References
https://hackerone.com/reports/1222797
https://wordpress.org/news/category/releases/
For more information
If you have any questions or comments about this advisory: