WordPress.org
Get WordPress

Make WordPress Core

Opened 7 months ago

Closed 7 months ago

Last modified 5 months ago

#63300 closed defect (bug) (wontfix)

WordPress TinyMCE 4.9.11 version

Reported by: praveenelevon's profile praveenelevon Owned by:
Milestone: Priority: normal
Severity: critical Version: 6.7.2
Component: General Keywords:
Focuses: Cc:

Description

Hi Guys,
WordPress latest version 6.7.2 comes with TinyMCE 4.9.11 version which show vulnerability issues. How to get the vulnerability issue fixed? Why WordPress is not coming with latest version of TinyMce? Can anyone help.

Vulnerable javascript library: TinyMCE
version: 4.9.11
script uri: wp-includes/js/tinymce/tinymce.min.js?ver=49110-20201110
Details:
TinyMCE 5.1.6 provides improvement in CDATA parsing and sanitization to address a cross-site scripting (XSS) vulnerability. Please refer to vendor documentation (https://www.tiny.cloud/docs/release-notes/release-notes516/) for more information.

Change History (2)

#1 @Presskopp
7 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #47218.

#2 @desrosj
5 months ago

  • Milestone Awaiting Review deleted
  • Resolution changed from duplicate to wontfix

Changing resolution to wontfix because #47218 technically supersedes this one.

Note: See TracTickets for help on using tickets.