Share
## https://sploitus.com/exploit?id=WPEX-ID:8816D4C1-9E8E-4B6F-A36A-10A98A7CCFCD
1. Go to https://example.com/wp-admin/admin.php?page=kanban_settings#tab-statuses.

2. Click the button "Add another status".

3. Name of the status should be: <script>alert(1)</script>, and save your settings.

4. Go to https://example.com/wp-admin/admin.php?page=kanban_settings#tab-users, and check every user under Allowed Users.

5. As any user, go to https://example.com/?board_id=1&kanban=board, and XSS will be triggered for any logged-in user.