## https://sploitus.com/exploit?id=WPEX-ID:F29F68A5-6575-441D-98C9-867145F2B082
1- As a lowest-privilege user, go to the edit account page of the LMS (e.g. https://example.com/my-courses/edit-account/).
2- Put your XSS payload in the State parameter and save your edits, for example `"><script>alert(/XSS/)</script>`.
3- The XSS will be stored and triggered in the about section of the profile (e.g. https://example.com/directory/[user_name]/).

(Note: WPScanTeam): The XSS will also be triggered in the admin dashboard when viewing the user details, for example https://example.com/wp-admin/admin.php?page=llms-reporting&tab=students&stab=information&student_id=2
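
The following is an added example, not code from the advisory or from the plugin. It can serve as a regression check for the fix: it renders the State value from step 2 with and without output encoding and parses the result to see whether new elements appear. The template, the function names and the sample value `Texas` are assumptions, since the page does not show the plugin's markup.

```python
import html
from html.parser import HTMLParser

# Payload quoted in step 2 of the page.
PAYLOAD = '"><script>alert(/XSS/)</script>'

# Hypothetical profile template: the value lands in an attribute and in text.
TEMPLATE = '<div class="about"><span class="state" title="{state}">{state}</span></div>'


def render_unescaped(state):
    """Echo the stored value as-is (the behaviour the steps rely on)."""
    return TEMPLATE.format(state=state)


def render_escaped(state):
    """HTML-encode the stored value on output, quotes included."""
    return TEMPLATE.format(state=html.escape(state, quote=True))


class TagCollector(HTMLParser):
    """Records every element the parser opens while reading the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def introduces_markup(render, value):
    """True if rendering `value` opens elements that a harmless value does not."""
    return elements(render(value)) != elements(render("Texas"))  # constructed baseline


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, elements(render(PAYLOAD)), introduces_markup(render, PAYLOAD))
```

In WordPress code the equivalent output encoding is `esc_attr()` for attribute values and `esc_html()` for text nodes, applied on both the public profile and the admin reporting view named in the note.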