A big XSS just happened recently. This reminds me - we could/should add Wordpress to our case studies. I've published papers using data from Wordpress vulnerabilities before. It's a doable case study.
Some things to discuss about this vulnerability:
Escaping for XSS is really really hard
You have to remember to use the escaping properly. You can't solve it for everyone - everyone must know what it does
WP is particularly vulnerable because they rely on a lot of plugins and there's no sandboxing between those plugins
https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/
A big XSS just happened recently. This reminds me - we could/should add Wordpress to our case studies. I've published papers using data from Wordpress vulnerabilities before. It's a doable case study.
Some things to discuss about this vulnerability:
Some good factoids from this article, too.