https://www.bleepingcomputer.com/news/security/unpatched-flaw-disclosed-in-wordpress-cms-core/

Security researchers from RIPS disclosed today details about an unpatched security flaw impacting WordPress, the Internet's most popular content management system (CMS).

RIPS researchers say they have told the WordPress team about this particular vulnerability in November last year, but the WordPress devs have failed to release a patch.