EPSS
Percentile
72.5%
Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack via post slugs, which can affect high-privileged users.
blog.sonarsource.com/wordpress-stored-xss-vulnerability
github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
hackerone.com/reports/425342