WordPress Custom Global Variables plugin version 1.0.5 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 09/01/2021
# Exploit Author: Swapnil Subhash Bodekar
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/custom-global-variables/#developers
# Version: 1.0.5
# Tested on Windows
How to reproduce vulnerability:
1. Install WordPress 5.6
2. Install and activate Custom Global variables plugin.
3. Navigate to Setting >> Custom Global Variables and enter the data into the user input field.