EPSS
Percentile
51.5%
Wordpress is vulnerable to cross-site scripting (XSS). The navigation section of Customizer accepts the user-provided malicious scripts without proper handling, allowing an attacker to inject and execute arbitrary Javascript in a user’s browser.
github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
www.debian.org/security/2020/dsa-4677