A minor authenticated stored XSS vulnerability was found in the βStyles for Skiplinks when they have focusβ section of the WP Accessibility plugin.
1) Navigate to the Settings page of the plugin
https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php
2) Select the checkbox next to "Enable Skiplinks"
3) Under the "Styles for Skiplinks when they have focus" option, enter the following XSS payload:
</style><script>alert(/0/)</script>
4) Navigate to the WordPress homepage and you'll see an XSS popup