WordPress does not escape some input in the Customizer, which could lead to Stored Cross-Site Scripting issue
CSRF
Alex Concha
Yes
2022-10-17 (about 11 months ago)
2022-10-19 (about 11 months ago)