## https://sploitus.com/exploit?id=1337DAY-ID-37730
# Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site Scripting
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/
# Version: 3.1.27
# Tested on: Firefox
# Contact me: [email protected]
# Steps To Reproduce:
1 - First install the plugin wp-event-manager and activate it.
2 - Go to Event Manager -> Add New.
3 - Inside the "Event Title" field at the top, enter the XSS payload "><img src=x onerror=alert(1)> and hit publish.
4 - Check the newly made event's URL /event/{id}/ ; the XSS will trigger.
# PoC Image:
https://imgur.com/J1Q3x5u
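
Because the payload is stored, titles saved before a fix stay in the database until they are reviewed. The following is an added example, not part of the original advisory or the plugin's code: it audits stored event titles for markup an HTML parser would turn into elements, and shows the output encoding that neutralises the title from step 3. The function names and the sample rows are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser


class TitleMarkup(HTMLParser):
    """Records each element an HTML parser would create from a stored title."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.elements = []  # (tag, [event-handler attribute names])

    def handle_starttag(self, tag, attrs):
        handlers = [name for name, _ in attrs if name.startswith("on")]
        self.elements.append((tag, handlers))


def find_markup(title):
    """Return the elements a title would inject if echoed without encoding."""
    parser = TitleMarkup()
    parser.feed(title)
    parser.close()
    return parser.elements


def audit_titles(rows):
    """Map event id -> injected elements, for titles that carry markup."""
    findings = {}
    for event_id, title in rows:
        elements = find_markup(title)
        if elements:
            findings[event_id] = elements
    return findings


def encode_title(title):
    """Encode for HTML body and quoted-attribute contexts alike."""
    return html.escape(title, quote=True)


# Constructed sample rows (event id, stored title); not real site data.
SAMPLE_ROWS = [
    (101, "Spring Meetup 2024"),
    (102, "Q&A: 3 < 5 talks"),
    (103, '"><img src=x onerror=alert(1)>'),
]

if __name__ == "__main__":
    for event_id, elements in audit_titles(SAMPLE_ROWS).items():
        print(event_id, elements)
    print(encode_title(SAMPLE_ROWS[2][1]))
```

Parsing the title instead of pattern-matching on `<` keeps harmless titles such as "3 < 5" out of the findings. In WordPress PHP templates the corresponding encoding helpers are `esc_html()` and `esc_attr()`.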