WordPress versions up to and including 6.2.1 have a security vulnerability in the way it processes shortcodes in user-generated content in block themes. This could give malicious actors the ability to execute shortcodes in comments or other content, even if they do not have the required Subscriber or Contributor-level permissions. On its own, this vulnerability may not have a huge impact, but it can make other existing vulnerabilities much more severe.