WordPress Plugin Vulnerabilities
youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Proof of Concept
Create/edit a template and put the following payloads in the Button text/Button subtext/Header text/Header subtext fields of the Change button template text/Change template modal text sections: <script>alert(/XSS/)</script> " style=animation-name:rotation onanimationstart=alert(/XSS/)// The XSS will be triggered when viewing the template again in the admin dashboard https://github.com/xiahao90/CVEproject/blob/main/wordpress_youFormsfreeforCopeCart_XSS.md
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
xiahao@webray.com.cn inc
Submitter
xiahao@webray.com.cn inc
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-07-30 (about 2 years ago)
Added
2021-08-19 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)