Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
2020-06-10 (about 2 years ago)
2020-06-11 (about 2 years ago)
2020-06-18 (about 2 years ago)