Exploit for Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting CVE-2021-24129

Name: Exploit for Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting CVE-2021-24129
Rating: 5 (257 reviews)

2020-12-04 | CVSS -0.1

## https://sploitus.com/exploit?id=WPEX-ID:C8537E5F-1948-418B-9D29-3CF50CD8F9A6
1. As a contributor, go into "Portfolios" tab from the sidebar and create a new Portfolios

2. In the Themify Custom Panel section, Input an XSS vector to :
- Date
- Client
- Services
- Link to Launch

ex: <img src=x onerror=alert(origin)>

3. Publish/Send for review and visit created post/preview as editor/admin to trigger XSS.