# Check & Log Email Check & Log Email -> Settings -> Encoding -> check the 'Email Encoder' box and click Save As Unauthenticated user add a comment to any post with the following content: Log in as the admin user and navigate to the comment moderation '/wp-admin/edit-comments.php' and observe that the JavaScript payload is executed. ``` ## References - URL: https://sec.stealthcopter.com/regexss/ ## Additional Information - **Original Researcher**: Matthew Rollings - **Submitter**: Matthew Rollings - **Submitter Website**: https://sec.stealthcopter.com - **Submitter Twitter**: @stealthcopter - **Verified**: Yes - **WPVDB ID**: 97908c15-6e7a-4242-8c6f-66c8b804364c - **Disclosure Date**: 2026-04-07