Wordpress is vulnerable to cross-site scripting (XSS). The RSS and search block of the block editor accepts an authenticated user-provided malicious data without proper handling, allowing an attacker to inject and execute arbitrary Javascript in a user’s browser.