WordPress Core 5.6.2 - Xpath Injection