Authored by Taliya Bilal

WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Accessibility Help Button – Stored
Cross Site Scripting.
# Date: 2-04-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.com/plugins/accessibility-help-button
# Version: 1.1
# Tested on: Firefox
# Contact me: [email protected]

# Steps to reproduce:
1. Install Accessibility Help Button WordPress plugin and activate.
2. Go to Options and on Button Text input field inject XSS payload
<script>alert('XSS')</script>
3. Fill out the whole form and click the save button below.
3. XSS will trigger.

#Screenshot:https://freeimage.host/i/HOBXWqg