WordPress before 5.2.3 allows XSS in stored comments. Reference: https://wpvulndb.com/vulnerabilities/9861
Created wordpress tracking bugs for this issue: Affects: epel-6 [bug 1776430] Affects: epel-7 [bug 1776431]
Fixed in 5.2.4