## https://sploitus.com/exploit?id=WPEX-ID:8C6F3E3E-3047-4446-A190-750A60C29FA3
1. As an "author" level user, add a new watermark: https://example.com/wp-admin/post-new.php?post_type=watermark
2. For the field "watermark text" field, enter the payload: `"><script>alert(1)</script>`
3. Save and see the XSS