Share
## https://sploitus.com/exploit?id=WPEX-ID:A6331CA8-9603-4134-AF39-8E77AC9D511C
1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin.
2. Click on "Add New Ticket", and fill the form with dummy data.
3. Intercept the request using an HTTP Proxy, such as BurpSuite.
4. Replace the "description" form data with the following XSS payload: <img src=q onerror=prompt('XSS')>
5. Send the request.
6. As an Administrator user, open up the ticket using the Help Desk WP Plugin through Wordpress Dashboard.
7. The XSS payload will get executed.