CVE ID – CVE-2020-4046
CVSS SCORE – 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
AFFECTED VENDORS – WordPress
AFFECTED PRODUCTS – Version 5.4 and earlier
VULNERABILITY DETAILS – an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor
ADVICE – Pentest recommend updating to version 5.4.2 to address the vulnerability
CREDIT – Sam Thomas