Share
## https://sploitus.com/exploit?id=WPEX-ID:ABA62286-9A82-4D5B-9B47-1FDDDE5DA487
1. Access the "Restrict Usernames Emails Characters" settings
2. For the field "The name of the user_login field in registration form", enter the payload `"><img src=1 onerror=alert(/xss/)>`
3. Click "Save Changes" and see the XSS.