Submit a Vulnerability | WPScan

Submit a Vulnerability

Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles (more information). Please consider using the WPScan Vulnerability Test Bench for testing vulnerabilities in a standard and consistent environment.