Share
## https://sploitus.com/exploit?id=WPEX-ID:095C9C35-2618-4F90-8435-A3C34F0BB7F1
1. Visit the "Settings" interface available in settings page of the plugin that is named "Widget Settings"
2. In the plugin's "Today's Count Label" setting field, enter the payload
Payload: `"type=image src=1 onerror=alert(1)>`
3. Click the "Save Changes" button.
4 The XSS will be triggered on the settings page when every visit of an authenticated user.

Note: Other settings may also be affected.