Exploit for WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting CVE-2021-24708

Name: Exploit for WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting CVE-2021-24708
Rating: 5 (260 reviews)

2021-10-06 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:4560EEF4-253B-49A4-8E20-9520C45C6F7F
1. Create a new export via "New Export" page.
2. Go to "Manage Exports" page, edit the name of an item by click to "Export Settings" under the item. Put XSS payload into the "Friendly Name" form. e.g: name"><img/src/onerror=alert('laladee')>
3. Save and reload Manage Exports page, the XSS will be triggered