Share
## https://sploitus.com/exploit?id=WPEX-ID:42127D96-547F-46CB-95D0-A19A8FE7580E
Put the following payload in the Misc > No Access Message setting of the plugin: <script>alert(/XSS/);</script>

The XSS will be triggered when accessing a quote without enough privileges