Exploit Title: WrodPress Plugin KJM Admin Notices——Stored Cross-Site Scripting Exploit Author: Thinkland Security Team Vendor Homepage: https://wordpress.org/plugins/kjm-admin-notices/ Version : V 2.0.1 Vulnerability Type: Stored Cross-Site Scripting Tested on Windows 10 、XAMPP Vulnerability proof: Settings》KJM Admin Notices 》Allow Role or Capability to Edit ,insert the xss payload "OnMoUsEoVeR=prompt(1)//
