CVE-2019-16222 (wordpress)

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Source: NIST
CVE-2019-16222 (wordpress)