Share
## https://sploitus.com/exploit?id=WPEX-ID:10405
As an unauthenticated user, go to the affiliate-register page (default is /affiliate-home/affiliate-register/), fill the form and put the following payload in the Last Name and City fields (others are also vulnerable): a" onfocus=alert(/XSS/) autofocus="autofocus. Then, log in as admin and view the created affiliate (ie /wp-admin/admin.php?page=wpam-affiliates&viewDetail=1) to trigger the XSS.