## https://sploitus.com/exploit?id=WPEX-ID:73DB1EE8-06A2-41B6-B287-44E25F5F2E58
1. Create a contact form
2. Embed the contact form shortcode on a post or page.
3. As an Unauthitncated user, inject the inputs for a malicious script such as
`<script>alert("MalekAlthubiany")</script>` into the name field
4. Go to the "Leads" section as an admin
5. See the XSS