## https://sploitus.com/exploit?id=WPEX-ID:C2DEFD30-7E4C-4A28-8A68-282429061F3F
As admin, add/edit a sharing method ("Giveaways" > "Settings" > "Sharing Method"), and put the following payload in the Method Title field: <script>alert(/XSS/)</script><img src onerror=alert(/XSS2/)>
As Unauthenticated or authenticated user, go to a giveaway page in the frontend ( date one as admin if there is none yet) and enter it by giving an email. The XSS will be triggered afterwards