## https://sploitus.com/exploit?id=WPEX-ID:2504DADB-1086-4FA9-8FC7-B93018423515
1. When adding a new course in the plugin settings, all fields are vulnerable to XSS with the payload: <script>alert('xss')</script>
2. Enter the payload into any field and reload the page to see XSS.