CVE
2019-20042
Public CVE-2019-20042 disclosure
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
Link not working? No problem! With VULNMAP you always have guaranteed access to security information thanks to reliable backups.
Our backup links ensure that critical data remains always available, even in case of unavailability of original sites.