Summary: In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.Published: Friday, December 14, 2018 - 15:29cvss: