N/A Unfixed Closed 2026-02-18≤ 1.0 xmlrpc attacks blocker <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' WordfenceCVE