Found xss vulnerability and Information Disclosure Vulnerability in post-edit.php

[onEpAth936]

environment:

• php.7.3.4
• win10

First,you need to Login the backstage here: /mc-admin/

Second,use payload: /mc-admin/post-edit.php?id=%3Cscript%3Ealert%285%29%3C/script%3E

you will see Pop-ups,then click here :

you will see Web Directory leak out like this: