1. Install and activate this plugin - https://wordpress.org/plugins/user-registration/.
2. Click "Add Form" under the plugin options.
4. Copy the shortcode generated for the form, go to the "Page" tab, create a new page, paste the shortcode, publish the page, and visit it.
5. Now, fill out the form with any dummy data and click "Submit."
6. This will create a new user and trigger the XSS vulnerability.