EPSS
Percentile
65.5%
Wordpress is vulnerable to cross-site scripting (XSS) attacks. A malicious user can pass a javascript: or data: URL to the link modal to inject and execute arbitrary Javascript.
javascript:
data:
core.trac.wordpress.org/changeset/41393
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/