Exploit for WordPress WP Event Manager 3.1.27 Cross Site Scripting

Name: Exploit for WordPress WP Event Manager 3.1.27 Cross Site Scripting
Rating: 5 (140 reviews)

2022-05-16 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:167173
# Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site  
Scripting  
# Date: 15-05-2022  
# Exploit Author: Mariam Tariq - HunterSherlock  
# Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/  
# Version: 3.1.27  
# Tested on: Firefox  
# Contact me: mariamtariq404@gmail.com  
  
  
#Steps To Reproduce :  
  
1 - First Install the plugins - wp-event-manager and activate it.  
2 - Go to event manager —> Add New  
3 - Inside the “”Event Title” at the top, enter XSS payload “><img src=x  
onerror=alert(1)> and hit publish.  
4 - Check the newly made event’s URL /event/{id}/ , XSS will trigger.  
  
#Poc Image :  
  
https://imgur.com/J1Q3x5u