## https://sploitus.com/exploit?id=WPEX-ID:FA7E2B64-CA48-4B76-A2C2-F5E31E42EAB7
Create a .txt file and the below line there:
$ echo "<script>alert(/XSS/)</script>"
Make a logged in admin import the file (via "WP CSV" > "Import") to trigger the XSS
The attack could also be performed via CSRF