Name of the Vulnerable Software and Affected Versions:

WordPress versions prior to 5.5.2

Description:

The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain privileges by using XML-RPC to comment on a post, potentially enabling remote attackers to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations:

For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue.

As a temporary workaround, consider disabling the XML-RPC functionality until a patch is available.

Restrict access to the wp-includes/class-wp-xmlrpc-server.php component to minimize the risk of exploitation.