Join GitHub today
Remove BBCode TinyMCE plugin from distribution #3325
If enabled, this plugin can be used to conduct a XSS attack. However, out-of-the-box this plugin isn't enabled, and it isn't possible for end-users to enable it, so this isn't a true security risk. However, since this issue is covered by a CVE, some customers prefer to have the plugin completely removed from the distribution.