Stored XSS on Wordpress 5.3 via Title Post
High
Vulnerability Details
I have identified a WordPress security vulnerability , a Stored XSS vulnerability that affects latest version of WordPress (5.3)
POC:
1) Login to wordpress website
2) Make a post with title payload xss like example <script>alert(document.domain);</script>
3) Publish then open the post, XSS Will trigger
## Impact
Can stealing cookie user
Actions
View on HackerOneReport Stats
- Report ID: 754352
- State: Closed
- Substate: not-applicable
- Upvotes: 9