WordPress before 5.5.2 allows XSS associated with global variables.
{ "cpes": [ "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ], "severity": "Medium" }