The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted comments on WordPress websites with the comments module enabled. […]
Source: leepingcomputer.com
WordPress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers