logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

Proof of Concept

Create a new Form via the plugin, fill it with any values. In the next step, change the Form name to: "/><img src onerror=alert(/XSS/)> and save the form

The XSS will be triggered when viewing the forms list (/wp-admin/admin.php?page=visual-form-builder) or when editing the related form

Affects Plugins

visual-form-builder

Fixed in version 3.0.4

References

CVE

CVE-2021-24514

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez

Submitter

Felipe Restrepo Rodriguez

Submitter website

https://pfelilpe.com

Submitter twitter

Pfelilpe

Verified

Yes

WPVDB ID

0afa78d3-2403-4e0c-8f16-5b7874b03cd2

Timeline

Publicly Published

2021-09-27 (about 3 months ago)

Added

2021-09-27 (about 3 months ago)

Last Updated

2021-09-27 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin