Description WordPress before 5.5.2 allows stored XSS via post slugs. Remediation References CVE-2020-28038 Related Vulnerabilities CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038) WebLogic CVE-2018-2987 Vulnerability (CVE-2018-2987) MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9402) Oracle Database Server CVE-2014-4293 Vulnerability (CVE-2014-4293) Apache 2.x version older than 2.2.3 Severity Medium Classification CVE-2020-28038 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities