Share
## https://sploitus.com/exploit?id=WPEX-ID:5D52B68F-FACA-4572-BB84-ECB733EECBE7
Just don't send the parameters: $_POST['nonce'] or $_REQUEST['nonce']

=================================

File: redux-core/inc/classes/class-redux-admin-notices.php

if ( isset( $_POST['nonce'] ) && ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['nonce'] ) ), $id . $userid . 'nonce' ) ) {
	die( 0 );
}

=================================

File: redux-core/inc/classes/class-redux-ajax-save.php

Content: 

if ( isset( $_REQUEST['nonce'] ) && ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['nonce'] ) ), 'redux_ajax_nonce' . $this->args['opt_name'] ) ) {
	echo wp_json_encode(...

	die();
}