No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way.
1.Download csrf_wp-members.html
2.Change URL in html file.(FORM ACTION).
3.Submit Request.
Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMA_XXikw/view?usp=sharing
HTML_FILE : https://drive.google.com/file/d/131SkyhmXfOZeZV8ph6Y8QOaSVG3WxvdZ/view?usp=sharing