3 matches found
WordPress: DOM Based XSS In mercantile.wordpress.org
Hello, there is a DOM XSS in mercantile.wordpress.org in the apparel subcat. For example: https://mercantile.wordpress.org/product-category/apparel/?subcat= Steps To Reproduce 1. Go to https://mercantile.wordpress.org 2. Click on apparel 3. In the URL bar add: /?subcat=" The domain will pop up. ...
WordPress: Stored self-XSS in mercantile.wordpress.org checkout
Hello Team, Summary: After I read this 221893 report, I tried to find more security issues there, and I was surprised I found an RCE via Template Injection. Since in that report I see the ng-bindable word, it's possible the site is also affected by RCE. Step To Reproduce 1. Open https://mercantile.wordpress.org...
WordPress: Stored but [SELF] XSS in mercantile.wordpress.org
Hi WordPress and Iandunn, this is what I was talking about lately, so I will go straight to how to reproduce it. Steps to Reproduce 1. Go to mercantile.wordpress.org //make sure to have an account for this test :D 2. Hover on Account Details /my-account/edit-account/ 3. In First Name and Last...