## https://sploitus.com/exploit?id=WPEX-ID:22FA478D-E42E-488D-9B4B-A8720DEC7CEE
1. Install Post SMTP in version <= 2.7.0 and configure it.
2. Send email using any contact form which uses 'wp_mail' function. Include the following payload in the message:
<img src=x onerror=alert(document.domain)>
3. Visit /wp-admin/admin.php?page=postman_email_log (Post SMTP -> Email Log)
4. Click 'View' next to the first record.
5. The message is shown and JavaScript code is executed.