WordPress · AKSHAT2802 · Jan 4, 2026 · Jan 4, 2026
diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php
@@ -103,7 +103,7 @@ function edit_user( $user_id = 0 ) {
 	}
 
 	if ( isset( $_POST['description'] ) ) {
-		$user->description = trim( $_POST['description'] );
+		$user->description = wp_kses_post( trim( $_POST['description'] ) );
 	}
 
 	foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {

diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php
@@ -628,9 +628,48 @@
 
 				<table class="form-table" role="presentation">
 					<tr class="user-description-wrap">
-						<th><label for="description"><?php _e( 'Biographical Info' ); ?></label></th>
-						<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profile_user->description; // textarea_escaped ?></textarea>
-						<p class="description"><?php _e( 'Share a little biographical information to fill out your profile. This may be shown publicly.' ); ?></p></td>
+						<th>
+							<label for="description"><?php _e( 'Biographical Info' ); ?></label>
+						</th>
+						<td>
+							<?php
+							$use_rich_editor = apply_filters(
+								'user_profile_biography_rich_editor',
+								true,
+								$profile_user
+							);
+
+							if ( $use_rich_editor ) {
+								wp_editor(
+									$profile_user->description,
+									'description',
+									array(
+										'textarea_name' => 'description',
+										'textarea_rows' => 5,
+										'media_buttons' => false,
+										'teeny'         => false,
+										'quicktags'     => false,
+										'tinymce'       => array(
+											'toolbar1' => 'bold italic | bullist numlist | link unlink',
+											'toolbar2' => '',
+											'menubar' => false,
+										),
+									)
+								);
+							} else {
+								?>
+								<textarea name="description" id="description" rows="5" cols="30">
+									<?php
+										echo esc_textarea( $profile_user->description );
+									?>
+								</textarea>
+								<?php
+							}
+							?>
+							<p class="description">
+								<?php _e( 'Share a little biographical information to fill out your profile. This may be shown publicly.' ); ?>
+							</p>
+						</td>
 					</tr>
 
 					<?php if ( get_option( 'show_avatars' ) ) : ?>

diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
@@ -1917,7 +1917,7 @@ function sanitize_user_field( $field, $value, $user_id, $context ) {
 		}
 
 		if ( 'description' === $field ) {
-			$value = esc_html( $value ); // textarea_escaped?
+			$value = wp_kses_post( $value ); // textarea_escaped?
 		} else {
 			$value = esc_attr( $value );
 		}