WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied.
We are not aware of any exploit attempts using the vulnerability currently.
Should I Panic?
This vulnerability requires some level of social engineering to be exploited, and as such it may seem like this attack would be very hard to perform.
Source: Scuri check