A minor authenticated stored XSS vulnerability was found in the “Styles for Skiplinks when they have focus” section of the WP Accessibility plugin.
PoC
- Navigate to the Settings page of the plugin https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2) Select the checkbox next to “Enable Skiplinks” 3) Under the “Styles for Skiplinks when they have focus” option, enter the following XSS payload: alert(/0/)