WordPress before 5
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
Exploitability
AV:N
AC:L
PR:N
UI:N
Scope
S:U
Impact
C:N
I:H
A:N
7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N