Share
## https://sploitus.com/exploit?id=WPEX-ID:8886EC5F-8465-448F-ADBD-68A3E84C5DEC
1. In the Kofi plugin settings, change the "Button Text" field to: `<img src=x onerror=alert(1)>`
2. Add the [kofi] tag to one of your pages
3. View that page and see the XSS