WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Proof of Concept

1. go to Forms.
2. go to Add New Form
3. In th title put <script>alert("Ehlo");</script>
4. Save setting and then go to the urls: https://example.com/wp-admin/admin.php?page=accua_forms_submissions_list and https://example.com/wp-admin/admin.php?page=accua_forms_list

Affects Plugins

contact-forms
Fixed in version 1.4.12

References

CVE
CVE-2021-24744

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez, Sebastian Cruz Cardona

Submitter

Sebastian Cruz Cardona

Submitter website
https://pfelilpe.com
Verified

Yes

WPVDB ID
702a4283-1fd6-4186-9db7-6ad387d714ea

Timeline

Publicly Published

2021-09-27 (about 1 years ago)

Added

2021-09-27 (about 1 years ago)

Last Updated

2022-04-08 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin