WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
The release notes state:
"Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE."
The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The DoS attack would then need to be stopped. According the original researcher, the attack would be very hard to reproduce.