## https://sploitus.com/exploit?id=WPEX-ID:C7AB736D-27C4-4EC5-9681-A3F0DDA86586
1. Create a user with role 'subscriber'
2. Install WP Prayer 1.5.5 and create a page with a [wp-prayer-engine form] and a page with [wp-prayer-engine]
2. Log into the website with the subcriber user
3. Go to the page [wp-prayer-engine form] and fill in the fields
4. In the 'prayer request' field put the following: <script>alert("XSS")</script>
5. Submit the form
6. Go to the page with the [wp-prayer-engine] or the "Manage Prayers" admin dashboard (wp-admin/admin.php?page=wpe_manage_prayer)
7. XSS payload will be triggered