WordPress' Object Cache, which caches data from the database, did not validate or encode cache keys. If an attacker managed to inject a malicious cache key that was then output by a third-party plugin, it could lead to XSS.
Nick Daugherty from WordPress VIP / WordPress Security Team
Ryan
No
2020-04-29 (about 2 years ago)
2020-04-30 (about 2 years ago)
2020-05-02 (about 2 years ago)