In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. The researcher who found the bug, Omar Ganiev, founder of DeteAct, told Threatpost that the vulnerability s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.
Source: https://threatpost.com/wordpress-patches-rce-bug/160812/