wpforms uses a counter for ENTRY_IDs and seems to be vulnerable against CSRF :(
ENTRY_ID
Once we have obtained a cookie, crawling is trivial…
cp config.sh{,~} edit config.sh~ . config.sh~ && ./download.sh ./merge.sh