## https://sploitus.com/exploit?id=WPEX-ID:598D5C1B-7930-46A6-9A31-5E08A5F14907
Create/edit a Download and put the following payload in the File Name field: <img src=x:x onerror=alert(/XSS/)>
Download the file via the frontend (as unauthenticated for example)
The XSS will be triggered when viewing the Reports > Logs Page (/wp-admin/edit.php?post_type=download&page=edd-reports&tab=logs)