## https://sploitus.com/exploit?id=WPEX-ID:C450F54A-3372-49B2-8AD8-68D5CC0DD49E
1. Log in to WordPress as an Administrator
2. Install and activate the plugin "WP Customer Reviews"
3. Click on "Reviews > Plugin Settings > Review Form Settings"
4. Insert the XSS payload (my XSS payload: `<img src=x onerror=alert(1)>`) into any field at "Standard fields on reviews" and/or "Custom fields on reviews", then click on "Save Changes".
5. Go to any post where Reviews are enabled to trigger the XSS
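
The steps above describe a stored XSS: a field value saved in the settings is later written into the review form without escaping. The following is an added example, not the plugin's own code, showing that pattern next to the two usual fixes (sanitize on save, escape on output). The function names and the `label` array key are hypothetical, and the shims only approximate WordPress's `esc_html()` and `sanitize_text_field()` so the file runs outside WordPress.

```php
<?php
// Added example with hypothetical names; not taken from WP Customer Reviews.

// Shims so the file runs outside WordPress. Inside WordPress the real
// esc_html() and sanitize_text_field() are already defined and are used.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($text) {
        // Approximation: strip tags and collapse whitespace.
        return trim(preg_replace('/\s+/', ' ', strip_tags((string) $text)));
    }
}

// "Before": the saved label is written into the review form as-is.
function render_label_unsafe(array $field) {
    return '<label>' . $field['label'] . '</label>';
}

// "After", layer 1: sanitize when the settings form is saved.
function save_field_settings(array $posted) {
    $clean = [];
    foreach ($posted as $key => $field) {
        $clean[$key] = ['label' => sanitize_text_field($field['label'] ?? '')];
    }
    return $clean;
}

// "After", layer 2: escape at output, even if stored data is already dirty.
function render_label_safe(array $field) {
    return '<label>' . esc_html($field['label']) . '</label>';
}

// Constructed input: one normal label, one carrying the page's test payload.
$posted = [
    'name'  => ['label' => 'Your name'],
    'title' => ['label' => 'Title <img src=x onerror=alert(1)>'],
];

echo render_label_unsafe($posted['title']), "\n"; // markup reaches the page intact
echo render_label_safe($posted['title']), "\n";   // markup is shown as text
$stored = save_field_settings($posted);
echo render_label_safe($stored['title']), "\n";   // tag removed before storage
```

Escaping at output is the layer that also covers values stored before a fix was deployed, so existing settings do not need to be re-saved for the page to render safely.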