# Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection  
# Date: 29/08/2021  
# Exploit Author: Niraj Mahajan  
# Software Link:  
# Version: 2.4.6  
# Tested on Windows  
*Steps to Reproduce:*  
1. Install WordPress 5.8  
2. Install and Activate "WordPress Payments Plugin | GetPaid" Version 2.4.6  
3. Navigate to GetPaid > Payment Forms  
4. Click on "Add New" in the Payment Form page  
5. Add a title and Click on Billing Email  
6. You can see the "Help Text" field on the left-hand side.  
7. Add the below HTML code into the "Help Text" Field.  
<img src=""  
height="200px" width="200px">  
8. You will observe that the HTML code has been successfully stored in the database and executed, and an image is displayed on the right-hand side.
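
A defensive counterpart to the steps above, added here as an example and not taken from GetPaid's code or from the author: one way to sanitize a "Help Text" value before it is stored and rendered, so that the img tag from step 7 is shown as literal text instead of being rendered. The function name `sanitize_help_text` and the tag allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not GetPaid's code. Inside WordPress, wp_kses()
// with an explicit allowlist serves the same purpose.

// Assumed allowlist: inline formatting only, no tags that load resources.
const HELP_TEXT_ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code'];

/**
 * Escape the whole value, then re-enable only bare allowlisted tags.
 * A tag that carries any attribute never matches the pattern, so it
 * stays escaped and is displayed as text.
 */
function sanitize_help_text(string $raw): string
{
    $escaped = htmlspecialchars(
        $raw,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );

    $tags = implode('|', HELP_TEXT_ALLOWED_TAGS);

    // Matches only "&lt;tag&gt;" and "&lt;/tag&gt;" with nothing else inside.
    $clean = preg_replace(
        '~&lt;(/?)(' . $tags . ')&gt;~i',
        '<$1$2>',
        $escaped
    );

    return $clean ?? '';
}

// Constructed sample inputs: the value from step 7 and a benign help text.
$samples = [
    '<img src="" height="200px" width="200px">',
    'Enter the <b>billing</b> email address',
];

foreach ($samples as $raw) {
    echo sanitize_help_text($raw), PHP_EOL;
}
```

Applying the same function when the value is saved and again when it is output keeps values that were stored before the fix from rendering as markup.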