## https://sploitus.com/exploit?id=WPEX-ID:ADF09E29-BAF5-4426-A281-6763C107D348
As a user with the author role, go to Media > Library and create a new folder with the following payload: "><img src onerror=alert(/XSS/)>
Then Add a new media (via Media > Add new), select the created folder with the payload, and upload a file, which will trigger the XSS. Any user using the malicious folder to upload files will have the XSS trigger