Share
## https://sploitus.com/exploit?id=WPEX-ID:996D3247-EBDD-49D1-A1A3-CEEDCF9F2F95
Go to settings and change the "Specific CSS classes" field to 123"</script><img src=x onerror=alert(1)>alert(1) (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)