Context Navigation

Changes between Initial Version and Version 1 of Ticket #58336

Timestamp:: 05/17/2023 04:44:37 AM (2 years ago)
Author:: dd32
Comment:: This ticket has been approved to be posted here by the Core Security team

-                      initial
+                      v1
 The XSS then could be triggered by visiting the URL that trigger above code using this example payload :
+```
+{{{
 http://localhost/wp-admin?page=test&type=xxxxxxx" onload=alert(document.domain) xxx="
+```
+}}}
 We currently tried to research some of the plugin and theme that could be vulnerable from the `admin_body_class` implementation. So far, we are able to find the practical XSS on the Advanced Custom Fields plugin (Ref : https://patchstack.com/articles/reflected-xss-in-advanced-custom-fields-plugins-affecting-2-million-sites/)