EPSS
Percentile
41.2%
Wordpress is vulnerable to cross-site scripting (XSS) attacks. Attackers can inject arbitrary webscript because the enclosure value is not correctly sanitized for RSS and Atom fields.
enclosure
codex.wordpress.org/Version_4.9.1
wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/