FormGet Contact Form 5.3 – Stored XSS | Plugin Vulnerabilities

Description

The AJAX action ‘request_response’, defined in formget-contact-form/index.php line 278 is available to any logged in user. The parameter ‘value’ is accepted as valid, so long as the string ‘sideBar’ is found at a position other than 0 (i.e. prefix the payload with a space). The ‘page_id[]’ parameter can be provided in order to specify which pages to display the desired HTML/JS on.

Affects Plugins

formget-contact-form

Fixed in 5.3.1

References

URL

https://g0blin.co.uk/g0blin-00035/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

James Hooker

Submitter website

https://research.g0blin.co.uk

Submitter twitter

Verified

No

WPVDB ID

7e3cc46c-9bd5-4d72-aaf2-a392523d6ae7

Timeline

Publicly Published

2015-03-07 (about 11 years ago)

Added

2015-03-08 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2026-04-06

Title

Media Library Assistant < 3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-08-27

Title

Booking Calendar < 10.14.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-09-09

Title

Starbox < 3.5.3 - Contributor+ Stored XSS

Published

2025-03-18

Title

Snow Storm < 1.4.7 - Admin+ Stored XSS

Published

2023-06-12

Title

Ninja Forms Google Sheet Connector < 1.2.7 - Reflected XSS