WordPress before 5.2.3 allows reflected XSS in the dashboard. Reference: https://wpvulndb.com/vulnerabilities/9865
Created wordpress tracking bugs for this issue: Affects: epel-6 [bug 1776442] Affects: epel-7 [bug 1776443]