## https://sploitus.com/exploit?id=WPEX-ID:D2588B47-A518-4CB2-A557-2C7EAFFA17E4
1. Navigate AGCA, and select the "Admin Bar" tab.
2. Enter XSS payload in the "Admin bar logo link" field: javascript:alert(document.cookie);
3. Click on "Save Changes", and then click on the WP logo.
4. You will notice a popup with the current session cookie.