Share
## https://sploitus.com/exploit?id=1337DAY-ID-37926
## Title: WordPress 6.0 - Bypass POST comment approvement Robo Gallery 3.2.1 
## Author: nu11secur1ty
## Vendor: https://wordpress.org/
## Software: https://wordpress.org/plugins/robo-gallery/
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery

## Description:
Bypass POST comment approvement Robo Gallery 3.2.1
A malicious lure can be approved by the administrator of the system. The POST comment, in this case, will be compromised by not sanitizing well, for malicious POST requests which use protocols HTTP, HTTPS and etc.
The malicious user can wait to be approved by the administrator and then he can POST upload very malicious URLs.
and etc. Note: Every POST from outside broadcasting users MUST be blocked automatically for approval from a live person, or function intended for this! 
As much as possible if you use a function, for example: Linkedin!

[+] Payloads:

```
%68%74%74%70%73%3a%2f%2f%70%6f%72%6e%68%75%62%2e%63%6f%6d%2f

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery)

## Proof and Exploit:
[href](https://streamable.com/rk09oh)