EPSS
Percentile
40.1%
WordPress does not properly escape the lang attribute of an HTML element in In wp-includes/general-template.php, which might allow an attacker to exploit XSS via the language setting of a site.
Update WordPress to v4.9.1.
wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
www.cvedetails.com/cve/CVE-2017-17093/