WordPress Core, the underlying software of the popular website building platform, contains a vulnerability that could allow malicious web scripts to be executed when someone views a comment. The vulnerability is called Stored Cross-Site Scripting and it exists in versions of WordPress Core up to 6.0.3. It is possible to exploit this vulnerability when someone edits a comment, as the values being stored during this process are not sufficiently escaped or sanitized. This means that an authenticated user with high level permissions, such as an editor, can modify the comments on a post in a way that could include malicious web scripts.