With a claimed persistent cross-site scripting vulnerability in the WordPress plugin WP-Invoice, the proof of concept starts with these steps:

…

[Read more]