WordPress Events-Manager 5.9.7.3 Cross Site Scripting

[-] Title : word press plugin events-manager 5.9.7.3 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/events-manager/
[-] Title : word press plugin events-manager 5.9.7.3 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/events-manager/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-16
=====================================================================================================
Vulnerable page :
events-manager/admin/bookings/em-cancelled.php
======================================================================================================
Vulnerable Source :
39: echo echo esc_attr($_GET['em_search']) : '';
=======================================================================================================
POC :
http://localhost/wp-content/plugins/events-manager/admin/bookings/em-cancelled.php?em_search=[XSS]
=======================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : mehranfeizi13841384@gmail.com
************************