Edit Report

Our sensors found this exploit at:

Below is a copy:

WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
# Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.4.2 - Stored Cross-Site Scripting (XSS)
# Date: 2022-09-28
# Exploit Author: Ali Alipour
# Vendor Homepage:
# Software Link:
# Version: 4.4.2
# Tested on: Windows 10 Pro x64 - XAMPP Server
# CVE : N/A


1: Install Latest WordPress

2: Install and activate Latest Motopress Hotel Booking Lite (4.4.2).

3: Navigate to Accommodation >> Services.

4: Click on "Add New" button And Enter the JavaScript Payload in the Title Field : ( "><script>alert("XSS")</script> )

5:Click on the publish button.

6. Visit http://localhost/wp/services/

7. XSS payload execute.

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.