Wordpress is vulnerable to private posts disclosure. The posts which were previously set to public can be leaked under some specific conditions.
github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
lists.debian.org/debian-lts-announce/2020/05/msg00011.html
wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
www.debian.org/security/2020/dsa-4677