WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ] }