Here you will find plugins that you should NEVER build yourself. In them are a range of security exploits including cross-site scripting (XSS), cross site request forgery (CSRF), and privilege escalation attacks targeted at WordPress' options.
To use these you will need to put them into your wp-contents folder just like any other plugin. From there I recommend getting Postman. Included in this repo is a Postman Collection json file that will allow you to import all the nefarious requests. All you will need to do is change the url to your own site
Please do not install these plugins on any site you care about and especially one that is openly connected to the broad internet. They have vulnerabilities which can wreck havoc on any site they're on. These are for educational purposes only. If you want to use these on a real site, you assume ALL risk associated with it.