Have you updated your WordPress to version 5.4.2? If you haven’t, consider doing it as soon as possible, as the update contains 23 fixes and enhancements, and specifically 6 security fixes, 3 of which address XXS, or cross-site scripting vulnerabilities.
Security fixes in WordPress Version 5.4.2
Also, Read 130M Attacks Try to Steal Database Credentials from 1.3M WordPress Sites
What other security bugs were fixed in WordPress Version 5.4.2?
– An open redirect issue in wp_validate_redirect();
– An issue where set-screen-option can be misused by plugins leading to privilege escalation;
– An issue where comments from password-protected posts and pages could be displayed under certain conditions.
The good news is that most of these issues can be exploited only under specific, limited conditions or by trusted users. Nonetheless, updating to the latest version is highly recommended. Note that since this is a minor WordPress release, most websites will automatically update to version 5.4.2.