Share
## https://sploitus.com/exploit?id=WPEX-ID:9F2F3F85-6812-46B5-9175-C56F6852AFD7
1. In the plugin's settings, click on Add Channel and select a custom channel.
2. Custom Channel link.
3. Paste/type javascript code `javascript:alert(document.cookie);`
4. Click on Save/Update
5. Open the site and click on the link to see the XSS.

Other vulnerable fields include:

- Custom Iframe - iFrame URL: `javascript:alert(document.cookie);`
- Gmap - Google maps embed code: `<img src=x onerror=confirm(/XSS/)>`
- FAQ -  FAQ Title: `<img src=x onerror=confirm(/XSS/)>`
- Knowledge base - Knowledge Base title: `<img src=x onerror=confirm(/XSS/)>`