The remote Debian host is missing a security-related update.
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.
Upgrade the wordpress packages. For the stable distribution (buster), these problems have been fixed in version 5.0.4+dfsg1-1+deb10u1.