Exploit for Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS CVE-2024-1401

Name: Exploit for Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS CVE-2024-1401
Rating: 5 (81 reviews)

2024-02-27 | CVSS 5.7

## https://sploitus.com/exploit?id=WPEX-ID:91064BA5-CF65-46E6-88DF-0E4D96A3EF9F
When creating a new widget, insert the following payload in the "Max width" field: `250" onmouseover="alert(/XSS/)"`

View the site on the frontend to see the XSS