## https://sploitus.com/exploit?id=WPEX-ID:9F0A575F-862D-4F2E-8D25-82C6F58DD11A
1. Configure the plugin to add the first name and last name fields to the form: https://example.com/wp-admin/admin.php?page=caruso_prayer_plugin_settings
2. Add the `[prayer_form]` shortcode to a post or page
3. As an unauthenticated user, fill out the form and enter `"><script>alert(1)</script>` in the "first name" and "last name" fields
4. As an admin, go to: https://example.com/wp-admin/admin.php?page=caruso_prayer_plugin to see the XSS
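
The steps above describe a stored XSS: a value submitted through the public form is later rendered in the admin page without escaping. The following is an added example, not the plugin's code, showing that pattern next to an output-escaped version. The function names, the row markup and the rendering context are assumptions, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` / `esc_html()` so the file runs without WordPress.

```php
<?php
// Added illustration; NOT the plugin's code. Function names and markup are
// hypothetical. The row is constructed from the payload given in step 3.
$row = [
    'first_name' => '"><script>alert(1)</script>',
    'last_name'  => '"><script>alert(1)</script>',
];

// Unsafe pattern (assumed): stored values concatenated into admin HTML as-is.
function render_row_unsafe(array $row): string {
    return '<tr><td><input type="text" value="' . $row['first_name'] . '"></td>'
         . '<td>' . $row['last_name'] . '</td></tr>';
}

// Hardened: escape at output time for the context the value lands in.
// In WordPress, use esc_attr() for attribute values and esc_html() for
// element text; htmlspecialchars() with ENT_QUOTES covers both here.
function esc(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $row): string {
    return '<tr><td><input type="text" value="' . esc($row['first_name']) . '"></td>'
         . '<td>' . esc($row['last_name']) . '</td></tr>';
}

// Defence in depth at submission time: strip tags and trim before storing
// (WordPress equivalent: sanitize_text_field()). This does not replace
// output escaping, because quotes and other characters still pass through.
function clean_name(string $v): string {
    return trim(strip_tags($v));
}

$unsafe = render_row_unsafe($row);
$safe   = render_row_safe($row);

// Check whether a live <script> tag survives in each rendering.
echo "unsafe contains <script>: ", var_export(strpos($unsafe, '<script>') !== false, true), "\n";
echo "safe contains <script>:   ", var_export(strpos($safe, '<script>') !== false, true), "\n";
echo "stored after clean_name:  ", var_export(clean_name($row['first_name']), true), "\n";
```

The `">` prefix in the payload matters when the value lands inside a quoted attribute, which is why the escaped version encodes quotes as well as angle brackets.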