Exploit for Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting CVE-2021-24645

Name: Exploit for Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting CVE-2021-24645
Rating: 5 (229 reviews)

2021-10-05 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:B15744DE-BF56-4E84-9427-B5652D123C15
When creating a "New product shortcode" you can inject XSS payloads like <--`<img/src=` onerror=confirm``> --!> in the Product Code form field. When a page that includes that product's shortcode is viewed by a visitor, the payload will execute.