Exploit for Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS CVE-2023-4376

Name: Exploit for Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS CVE-2023-4376
Rating: 5 (4 reviews)

2023-08-23 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:13910E52-5302-4252-8BEE-49DD1F0E180A
There are two fields affected by a stored XSS vulnerability.

First:

1. Add new serial code 
2. On the multiline field "Codes to store on the server" enter the payload: <td></td><script>alert(1)</script><td></td>
3. Press "Store codes"
4. Go back to the https://example.com/wp-admin/admin.php?page=sngmbh-serialcodes-validator and see the XSS happening. 

Second:

1. Add new code list category 
2. On the multiline field "Name" enter the payload: <td></td><script>alert(2)</script><td></td>
3. Go back to the plugin settings and see the XSS.