# Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 -
Stored Cross Site Scripting (Authenticated)
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
https://wordpress.org/plugins/donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/>
# Version: 7.1.6
# Tested on: Firefox
# Contact me: h [at] spidersilk.com


# Vulnerable Code:

```
public function donorbox_embed_campaign_id_settings() { ?>
        <input
name="donorbox_embed_campaign_options[donorbox_embed_campaign_id]"
type="text" value="<?php echo $this->options['donorbox_embed_campaign_id'];
?>" class="regular-text" />
        <?php
    }
```

# POC

1) Install donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/> WordPress plugin
2)Open donorbox plugin settings
3) Inject payload in URL field
4) XSS will trigger.

# Timeline

21/03/2022 - Vendor notified
24/03/2022 - Fix / patch
24/03/2022 - CVE Requested
29/03/2022 - Public disclosure