[wp-trac] [WordPress Trac] #63300: WordPress TinyMCE 4.9.11 version
WordPress Trac
noreply at wordpress.org
Thu Apr 17 05:38:22 UTC 2025
#63300: WordPress TinyMCE 4.9.11 version
---------------------------+-----------------------------
Reporter: praveenelevon | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.7.2
Severity: critical | Keywords:
Focuses: |
---------------------------+-----------------------------
Hi Guys,
WordPress latest version 6.7.2 comes with TinyMCE 4.9.11 version which
show vulnerability issues. How to get the vulnerability issue fixed? Why
WordPress is not coming with latest version of TinyMce? Can anyone help.
Vulnerable javascript library: TinyMCE
version: 4.9.11
script uri: wp-includes/js/tinymce/tinymce.min.js?ver=49110-20201110
Details:
TinyMCE 5.1.6 provides improvement in CDATA parsing and sanitization to
address a cross-site scripting (XSS) vulnerability. Please refer to vendor
documentation (https://www.tiny.cloud/docs/release-notes/release-
notes516/) for more information.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63300>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list