## https://sploitus.com/exploit?id=WPEX-ID:795ACAB2-F621-4662-834B-EBB6205EF7DE
As admin, put the following payload in a field label: <img src=x onerror=alert(/XSS/)>
The XSS will be triggered when editing the form, as well as in post/page where the form is embed