Share
## https://sploitus.com/exploit?id=WPEX-ID:5CFBBDDD-D941-4665-BE8B-A54454527571
1. Click SendPress (which is available in left side)
2. Go to the Settings=>Forms=Create Form=>Form Type=>Signup, then click save.
3. In the Forms of Label parameters are vulnerable to Stored Cross Site Scripting.
Vulnerable parameters: Salutation Label, First Name Label, Last Name Label, Phone Number Label, E-Mail Label, Button Text, Lists Label: multiple lists only and Approval Label.
5. Payload: `"/><img src=x onerror=prompt(document.cookie)>`
6. Inject the above payload in above vulnerable parameters and save it.
7. The malicious JavaScript payload successfully executed.