## https://sploitus.com/exploit?id=WPEX-ID:D0DA4C0D-622F-4310-A867-6BFDB474073A
1. Create a poll and publish a page with a poll.
2. Visit the page with the poll.
3. Using Burp and the Turbo Intruder extension, intercept the poll submission.
4. Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5. Drop the initial request and turn Intercept off.
6. In the Turbo Intruder window, add the header `S: %s`.
7. Use the code `examples/race.py`.
8. Click "Attack" at the bottom of the window. This will send multiple requests to the server at the exact same moment.
9. Log into the site and visit `/wp-admin/admin.php?page=forminator-reports&form_type=forminator_polls&form_id=5` (replacing the `form_id` parameter with a valid one).
10. Notice that more than one submission has been recorded.
Note that this cannot be replicated on a single-process, single-threaded WordPress server.