According to the WordPress release notes:
"Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard."
Ian Dunn - Core Security Team
2019-09-05 (about 2 years ago)
2020-09-22 (about 1 years ago)