WordPress Visual Editor Cross Site Scripting

A cross-site scripting vulnerability exists in WordPress Visual Editor. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system.

from Check Point Update Services Advisories http://ift.tt/2k7XECE