EPSS
Percentile
76.9%
WordPress is susceptible to cross-site scripting (XSS) attacks. The attacks exist because the version strings are not properly escaped before using it in the generator tags.
version
core.trac.wordpress.org/changeset/42893
github.com/johnpbloch/wordpress-core/commit/883414dbd7662c147aa76eaabf5bb8f8686eecd2
wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/