Exploiting admin_ajax.php

Hello I am doing a CTF and have found this in website source code:

/* <![CDATA[ */

var vulnerable = {

"ajax_url": "/wp-admin/admin-ajax.php",

"nonce": "34dff435f4",

"home_url": "/",

how can i go about exploiting it, ideally getting rce

submitted by /u/therebyRut865
[link] [comments]

from hacking: security in practice https://ift.tt/HNEBXfe