A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 to 5.2.2. Sites that use the Gutenberg are open to complete takeover. The National Institute of Standards and Technology assigned the vulnerability a Common Vulnerabilities and Exposures rating of 6.1, making it a Medium severity bug.
Source: https://threatpost.com/wordpress-xss-drive-by-code-execution/148324/