Exploit for IDonate <= 1.9.0 - Admin+ Stored XSS CVE-2024-3594

Name: Exploit for IDonate <= 1.9.0 - Admin+ Stored XSS CVE-2024-3594
Rating: 5 (86 reviews)

2024-05-01 | CVSS 5.7

## https://sploitus.com/exploit?id=WPEX-ID:7A8A834A-E5D7-4678-9D35-4390D1200437
1. Navigate to
http://example.com/wp-admin/admin.php?page=idonate-setting-admin
2. Enter payload `"><h1 onclick=alert(1)>XSS</h1>` in Recaptcha secret key
and in Recaptcha Site key
3. Click on save changes.
4. While clicking on the payload text, XSS will trigger.