## https://sploitus.com/exploit?id=WPEX-ID:5CD846DF-1D8B-488D-A691-B76850E8687A
Add a new font (Tools --> Local Fonts --> Add Font, need to have at least one font for the 'Add Font' to show up), put the following payload in the Class Name field (will trigger a self-XSS): <script>alert(/XSS/)</script> and save the change. The XSS will be triggered on the plugin's settings page (/wp-admin/tools.php?page=fsflex-local-fonts)