# Exploit Title: WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
# Exploit Author: Aakash Choudhary
# Software Link: https://wordpress.org/plugins/kn-fix-your/
# Version: 1.0.1
# Category: Web Application
# Tested on Mac
How to Reproduce this Vulnerability:
1. Install WordPress 5.7.2
2. Install and activate KN Fix Your Title
3. Navigate to Fix Title under Settings Tab >> Click on I have done this and enter the XSS payload into the Separator input field.
4. Click Save Changes.
6. Payload Used: "><script>alert(document.cookie)</script>
# 0day.today [2021-09-17] #