Should CVE-2021-29447 [1] be also listed against this bug? I'll be putting it in the changelog.
How good is it when WordPress raise their own CVEs! One glorious day they will put them in their announcements too. 1: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
