WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

Proof of Concept

Create a new Form via the plugin, fill it with any values. In the next step, change the Form name to: "/><img src onerror=alert(/XSS/)> and save the form

The XSS will be triggered when viewing the forms list (/wp-admin/admin.php?page=visual-form-builder) or when editing the related form

Affects Plugins

visual-form-builder
Fixed in version 3.0.6

References

CVE
CVE-2021-24514

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez

Submitter

Felipe Restrepo Rodriguez

Submitter website
https://pfelilpe.com
Submitter twitter
Pfelilpe
Verified

Yes

WPVDB ID
0afa78d3-2403-4e0c-8f16-5b7874b03cd2

Timeline

Publicly Published

2021-09-27 (about 1 years ago)

Added

2021-09-27 (about 1 years ago)

Last Updated

2022-04-14 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin