Submit a Vulnerability

Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles (more information).

Your Details
Feel free to leave any of these fields blank.
Your email address will never be displayed publicly, we will only use to contact you regarding the vulnerability you submit. All other fields (except your email address) will be made public on our website along with the vulnerability you submit.
Vulnerability Details
Please fill in this information as accurately and as thoroughly as possible. This will ensure it is published by us as fast as possible.
Please provide a cURL command, raw request, or other minimal PoC that can be used to reproduce the issue.