wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.