PoC of CVE-2019-9787 CSRF
WordPress Version 5.0
reference
Do not use this except for test purpose.
$ docker-compose up -d
- access http://localhost:8080/ and install WordPress. You only need to create the WP admin account.
- access http://localhost:8080/?p=1#comments as a visitor, and post a comment like "csrf site: http://localhost/".
You'll see the comment "csrf success" posted by the user you are currently logged in as.