Reflected XSS in https://wordpress.com/start/account/user
Medium
Vulnerability Details
## Summary:
XSS after login at https://wordpress.com/start/account/user?variationName=free&redirect_to=javascript:alert(document.domain)
## Platform(s) Affected:
web
## Steps To Reproduce:
1. Authenticate normally
1. Go to https://wordpress.com/start/account/user?variationName=free&redirect_to=javascript:alert(document.domain) **while already authenticated** and click continue
1. XSS procs
## Supporting Material/References:
█████
## Impact
XSS can be used to steal cookies, modify HTML content, and much more.
Report Stats
- Report ID: 2055132
- State: Closed
- Substate: resolved
- Upvotes: 39
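
The report does not say how the issue was fixed. As an added example (not WordPress.com code and not part of the report), this is one way to validate a `redirect_to` value before navigating to it. It assumes the page navigates to the parameter when "continue" is clicked; `safeRedirectTarget`, `redirectFromPageUrl` and the `other.example` host are hypothetical names.

```javascript
// Added example (not WordPress.com code). Assumed sink: the page navigates to
// whatever the redirect_to query parameter holds when "continue" is clicked.
const APP_ORIGIN = "https://wordpress.com"; // origin taken from the report URL
const ALLOWED_PROTOCOLS = new Set(["https:"]);

// Returns an absolute same-origin https URL, or the fallback when the
// candidate is missing, unparsable, script-bearing, or off-origin.
function safeRedirectTarget(raw, appOrigin = APP_ORIGIN, fallbackPath = "/") {
  const fallback = new URL(fallbackPath, appOrigin).href;
  if (typeof raw !== "string" || raw === "") return fallback;
  let url;
  try {
    // The WHATWG parser lowercases the scheme and strips leading whitespace,
    // so check the parsed result, never the raw text.
    url = new URL(raw, appOrigin);
  } catch {
    return fallback;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return fallback; // javascript:, data:, ...
  if (url.origin !== new URL(appOrigin).origin) return fallback; // //host, \\host
  // Return the normalized absolute URL; returning only the path would let
  // "https://wordpress.com//other.example" become a protocol-relative URL.
  return url.href;
}

// Reads redirect_to from the full page URL and validates it.
function redirectFromPageUrl(pageUrl) {
  const params = new URL(pageUrl).searchParams;
  return safeRedirectTarget(params.get("redirect_to"));
}

// Constructed sample inputs; the first is the URL from the report.
const samples = [
  "https://wordpress.com/start/account/user?variationName=free&redirect_to=javascript:alert(document.domain)",
  "https://wordpress.com/start/account/user?redirect_to=%2Fhome",
  "https://wordpress.com/start/account/user?redirect_to=%2F%2Fother.example%2F",
  "https://wordpress.com/start/account/user",
];
for (const s of samples) console.log(redirectFromPageUrl(s));
```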