## https://sploitus.com/exploit?id=WPEX-ID:0B8C5947-BC73-448E-8F10-A4F4456E4000
Put the following payload in the Post Views Label settings of the plugin (?wp-admin/options-general.php?page=post-views-counter&tab=display): <script>alert(/XSS/)</script>
The XSS will be triggered in any posts (by default), but could also be changed to any pages etc.