## https://sploitus.com/exploit?id=WPEX-ID:12766537-DF59-49D6-815A-4D68265A4C4A
1. Create/edit a Post Type via the plugin (wp-admin/admin.php?page=cptc-page) and put the following payload in the "Singular Label" and "Plural Label" fields: <img src onerror=alert(/XSS/)>
The XSS will be triggered in all backend pages.
2. Create/edit a taximony via the plugin (/wp-admin/admin.php?page=ctc-page), put the following payload in the "Singular Label" and "Plural Label" fields: <img src onerror=alert(/XSS/)>, then tick the Attach to 'Post'
The XSS will be triggered when accessing the related taximony via the Post menu (e.g /wp-admin/edit-tags.php?taxonomy=b)