Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-a5dw-t5m7-ffgz
Vulnerability ID VCID-a5dw-t5m7-ffgz
Aliases CVE-2021-39202
Summary WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00817 https://api.first.org/data/v1/epss?cve=CVE-2021-39202
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-39202
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.74651
EPSS Score 0.00817
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T17:17:08.646096+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0