## https://sploitus.com/exploit?id=WPEX-ID:941A9AA7-F4B2-474A-84D9-9A74C99079E2
1. Click on "Add New", and select the image popup.
2. Navigate to "Settings" and enable the "Floating Button" option.
3. Enter the XSS payload in the Text field: `<a href=javascript:alert(document.cookie)>Click Here</a>`
4. Clicking on the button will get the popup. This XSS payload works on WordPress Admin.