EPSS
Percentile
73.1%
WordPress is vulnerable to cross-site scripting (XSS) attacks. The library does not escape tags in shortcode previews in the TinyMCE editor, allowing a malicious user to inject and execute arbitrary web script.
core.trac.wordpress.org/changeset/41395
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/