EPSS
Percentile
41.2%
The attributes of enclosures are not correctly escaped in RSS and Atom feeds in wp-includes/feed.php file, which might allow an attacker to exploit XSS via a crafted URL.
Update WordPress to v4.9.1.
wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
www.cvedetails.com/cve/CVE-2017-17094/