On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: “Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.” Further details: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post unfiltered_html.