There are many misconceptions around the potential effects cross-site scripting (XSS). The usual pop-up alert(1) window is failing to demonstrate the potential consequences of XSS to non-security people. See a walk-through process of exfiltrating data from a WordPress site by exploiting a XSS vulnerability.
*** This is a Security Bloggers Network syndicated blog from Rainbow and Unicorn authored by Gabor. Read the original post at: https://blog.gaborszathmari.me/wordpress-exploitation-with-xss/