WordPress.org
Get WordPress

Make WordPress Core

Opened 14 months ago

Closed 14 months ago

Last modified 12 months ago

#63300 closed defect (bug) (wontfix)

WordPress TinyMCE 4.9.11 version

Reported by: praveenelevon's profile praveenelevon Owned by:
Milestone: Priority: normal
Severity: critical Version: 6.7.2
Component: General Keywords:
Focuses: Cc:

Description

Hi Guys,
WordPress latest version 6.7.2 comes with TinyMCE 4.9.11 version which show vulnerability issues. How to get the vulnerability issue fixed? Why WordPress is not coming with latest version of TinyMce? Can anyone help.

Vulnerable javascript library: TinyMCE
version: 4.9.11
script uri: wp-includes/js/tinymce/tinymce.min.js?ver=49110-20201110
Details:
TinyMCE 5.1.6 provides improvement in CDATA parsing and sanitization to address a cross-site scripting (XSS) vulnerability. Please refer to vendor documentation (https://www.tiny.cloud/docs/release-notes/release-notes516/) for more information.

Change History (2)

#1 @Presskopp
14 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #47218.

#2 @desrosj
12 months ago

  • Milestone Awaiting Review deleted
  • Resolution changed from duplicate to wontfix

Changing resolution to wontfix because #47218 technically supersedes this one.

Note: See TracTickets for help on using tickets.