With the help of breakdance XSS any user can trick the admin user to execute PHP code without them knowing it. The code is written by the Editor (or any other user role) and later executed unknowingly by the administrator.
Demo of Stored Cross-Site Scripting in Breakdance
Emil Tragardh @ youtube.com • 8 months ago