If the database settings gets modified, to contain a a script, for the nested setting sp_settings_basic[template]
POC:
run wp cli command to modify value and visit settings page with the template setting.
wp option patch update sp_settings_basic template "value\"><script>alert('payload')</script>"
security fix to fix one xss error.
If the database settings gets modified, to contain a a script, for the nested setting sp_settings_basic[template]
POC: run wp cli command to modify value and visit settings page with the template setting.
wp option patch update sp_settings_basic template "value\"><script>alert('payload')</script>"