EPSS
Percentile
51.5%
Authenticated users could corrupt JSON data in the Customizer of other users’ to inject malicious JavaScript.
core.trac.wordpress.org/changeset/47633/
github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
wordpress.org/news/2020/04/wordpress-5-4-1/
www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/