Woocommerce reviews xss issue [closed]

Go ahead and disable WooCommerce and comment on a post; you can do the same thing because you’re logged in as admin. Admin users are able to post unfiltered content. If you repeat the test logged out, you’ll notice you’re not able to exploit anything.

See this trac ticket from WordPress https://core.trac.wordpress.org/ticket/33402

And this article on make.wordpress https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html

For future reference, please report security issues responsibly rather than publicly – use https://hackerone.com/automattic

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)