## https://sploitus.com/exploit?id=WPEX-ID:7C39F3B5-D407-4EB0-AA34-B498FE196C55
1. Upload an H5P archive containing a malicious SVG file w/an XSS
2. Example: https://drive.google.com/file/d/1DNZmv-at_HPtDeYr8ExjRrekHSUOaGzh/view?usp=sharing
3. Once the upload is finished, users will be able to access the malicious SVG directly, triggering an XSS