## https://sploitus.com/exploit?id=WPEX-ID:4D0C60D1-DB5A-4C4F-9BDB-669975AC7210
When adding new items to an accordion, an injection payload of "<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>" for an accordion item's title will result in XSS in the wp-admin page as well as on pages that show the accordion.