Don’t be a WordPress RCE-hole and patch up this XSS vuln, pronto

Not on 5.1.1? You should be

A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or edit blog posts.…

The Register – Security
Secure Hunter Anti -Malware