Exploit for DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting CVE-2022-2628

Name: Exploit for DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting CVE-2022-2628
Rating: 5 (61 reviews)

2022-09-12 | CVSS -0.5

## https://sploitus.com/exploit?id=WPEX-ID:E712F83E-B437-4BC6-9511-2B0290ED315D
Go the DSGVO AIO > Settings Cookie Notice settings and enabled them, then put the following payload in any of the Button Text settings (such as "Button Text (Accept)", "Button Text (Personalize)" and "Button Text (Reject)"): <img src onerror=alert(/XSS/)> 

The XSS will be trigged in any frontend page