The Stored Cross-Site Scripting (XSS) vulnerability in WordPress allows an attacker to inject a JavaScript payload into post slugs, which can be used for privilege escalation and hijacking admin user sessions. The vulnerability was discovered in 2018 but remained unpatched for over three years. It can be exploited by attackers with author privileges or when certain plugins, such as bbPress, are installed. The patch was released in WordPress version 5.8.3, which includes a modified function `utf8_uri_encode()` that prevents payload encoding and decoding discrepancies. Exploitation without special privileges is possible using the bbPress plugin version prior to 2.6.0. Users are strongly recommended to update their WordPress installation to the latest version to fix the vulnerability.