wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
{ "cpes": [ "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ], "severity": "Critical" }