WYSIWYG editor plugin - a major security vulnerability ?
By default there is only a plain text post editor. But in the dashboard there is a WYSIWYG plugin by Mirabilia Media.
The thing is, it allows to edit the HTML of a post. Does this mean that enabling it exposes the site to a wide range of injection attacks?