EPSS
Percentile
79.2%
WordPress’ Object Cache that caches data from the database did not validate or encode the cache key. If an attacker managed to inject a malicious cache key that was then output in a third party plugin, it could lead to XSS.
core.trac.wordpress.org/changeset/47637/
github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
wordpress.org/news/2020/04/wordpress-5-4-1/
www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/