Share
## https://sploitus.com/exploit?id=WPEX-ID:BFBB32AC-9EF9-46DE-8E5E-7D6D6FB868D8
1. On the dashboard, navigate to WP Courses > Courses > Add New > Video Embed Code (iframe) (in the Post settings), inject with <iframe> XSS payload, such as <iframe src="javascript:alert(document.cookie)"></iframe>;  <iframe src="javascript:%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%29"></iframe>

2. Click Update, and to trigger XSS payload, open URL path of course