Submit a Vulnerability

Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles (more information).

Your Details

Feel free to leave any of these fields blank.
Your email address will never be displayed publicly, we will only use to contact you regarding the vulnerability you submit. All other fields (except your email address) will be made public on our website along with the vulnerability you submit.

Submitter name

I am the original researcher

Researcher name

Submitter email

I want to receive email updates

Submitter website

Submitter Twitter

Vulnerability Details

Please fill in this information as accurately and as thoroughly as possible. This will ensure it is published by us as fast as possible.

Title*

Vulnerability type*

Affected plugin(s)

Affected theme(s)

Min Required Access*

Published date*

Description*

PoC*

Please provide a cURL command, raw request, or other minimal PoC that can be used to reproduce the issue.

Supporting images

Max file size: 1MB

Video links

Reference URLs

I have notified the vendorI would like to request a CVE

By ticking this box you agree to our submission terms*