logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

Proof of Concept

Create a new Form via the plugin, go to Form Settings then add the following payload in the Title field: "><img src onerror=alert(1)> and save the form

The XSS will be triggered when viewing/editing the form in the admin dashboard

Affects Plugins

contact-form-add

Fixed in version 1.9.8.4

References

CVE

CVE-2021-24513

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez

Submitter

Felipe Restrepo Rodriguez

Submitter website

https://pfelilpe.com

Submitter twitter

Pfelilpe

Verified

Yes

WPVDB ID

a1dc0ea9-51dd-43c3-bfd9-c5106193aeb6

Timeline

Publicly Published

2021-08-09 (about 2 months ago)

Added

2021-08-09 (about 2 months ago)

Last Updated

2021-08-09 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin