Stored Cross-Site Scripting (XSS) vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama (Mitsui Bussan Secure Directions, Inc. via JPCERT) in WordPress core (versions <= 6.0.2)
Update the WordPress to the latest available version (at least 6.0.3).