EPSS
Percentile
79.2%
wordpress is vulnerable to cross-site scripting (XSS). The stats() method of class-wp-object-cache.php does not sanitize the user-provided data, allowing an attacker to inject malicious script to be executed when a user loads the page.
stats()
class-wp-object-cache.php
github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
lists.debian.org/debian-lts-announce/2020/05/msg00011.html
wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
www.debian.org/security/2020/dsa-4677