WordPress does not properly escape comments, which could lead to Stored Cross-Site Scripting issues
github.com/WordPress/wordpress-develop/commit/89c8f7919460c31c0f259453b4ffb63fde9fa955
wordpress.org/news/2022/10/wordpress-6-0-3-security-release/