Share
## https://sploitus.com/exploit?id=WPEX-ID:0ED423DD-4A38-45E0-8645-3F4215A3F15C
As admin, enable the 'Floating Sidebar' (/wp-admin/admin.php?page=dpsp-toolkit), then put the payload below in the 'Twitter Username' Settings of the plugin, and enable the 'Add Twitter Username to all tweets' settings as well

"><img src=xss onerror=alert('XSS') />

The XSS will be triggered when accessing the Floating Sidebar page (/wp-admin/admin.php?page=dpsp-sidebar)