Exploit for WP FEvents Book <= 0.46 - Subscriber+ Stored XSS CVE-2023-1126

Name: Exploit for WP FEvents Book <= 0.46 - Subscriber+ Stored XSS CVE-2023-1126
Rating: 5 (93 reviews)

2023-04-03 | CVSS 5.4

## https://sploitus.com/exploit?id=WPEX-ID:87CE3C59-B234-47BF-ABCA-E690B53BBE82
1. Create an event page using the plugin.
2. Access the page using an account with Subscriber role.
3. In the 'User notes' section, inject the following XSS payload: `<img src=q onerror=prompt(/XSS/)>`