This page details the possible sinks in WordPress component where we may be able to perform a malicious action should we control the input. The payload will come from a source.