Exploit for Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting CVE-2022-2151

Name: Exploit for Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting CVE-2022-2151
Rating: 5 (100 reviews)

2022-06-21 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:7C08E4C1-57C5-471C-A990-DCB9FD7CE0F4
Put the following payload in the "No Access Message" settings (/wp-admin/admin.php?page=wp_easy_contact_settings&tab=misc): <script>alert(/XSS/);</script>

The XSS will be triggered when someone access any quote without enough privileges