1. Login as Admin.
2. Go to http://vulnerable-site.tld/wp-admin/edit.php?post_type=site-review&page=glsr-settings&tab=general
3. Make some changes in the `schema` tab and intercept the request.
4. The form will have the parameter `site_reviews_v6[settings][general][notification_message]`
5. Insert the following payload in it
<strong>A new {review_rating}-star review has been submitted:</strong>


{review_author} <{review_email}> - {review_ip}

6. Hit send and the xss payload will be saved and will be triggered whenever the settings page is open.