Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)…Read More