Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
{ "ubuntu_priority": "medium" }