Vendor: Contact Form to Email
By: Mohammed Aadhil Ashfaq
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Stored Cross Site Scripting (XSS)
CWE: 79
Product Name: Contact Form to Email
Affected Version From: 1.3.24
Affected Version To: 1.3.24
Patch Exists: YES
CPE: a:wordpress:contact_form_to_email:1.3.24
Platforms Tested: WordPress
Year: 2021

WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated)

The WordPress plugin Contact Form to Email version 1.3.24 is vulnerable to stored cross-site scripting (XSS). An authenticated attacker can create a new form with a malicious script as the form name. Once the form is published, the XSS payload executes whenever the form is accessed.

Mitigation:

To mitigate this vulnerability, update to the latest version of the Contact Form to Email plugin. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.
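
The input validation and output encoding recommended above, shown as an added example that is not the plugin's own code. The plugin's rendering code does not appear on this page, so the function names are hypothetical, and plain PHP `htmlspecialchars()` stands in for the WordPress helpers `esc_html()` and `esc_attr()` so the script runs without WordPress.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not the plugin's own code.

// Input validation on save: a plain-text name of bounded length.
function validate_form_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    // Reject angle brackets and control characters outright.
    if (preg_match('/[<>\x00-\x1F\x7F]/', $name) === 1) {
        return null;
    }
    return $name;
}

// Output encoding: applied at every point the stored name is rendered.
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored value concatenated into markup unchanged.
function render_row_unsafe(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

// Hardened pattern: encoded for element content and for a quoted attribute.
function render_row_safe(string $name): string
{
    $e = encode_html($name);
    return '<tr><td>' . $e . '</td><td><input type="text" value="' . $e . '"></td></tr>';
}

// Constructed sample names; the first is the form name used in the PoC on this page.
$samples = ['<script>alert(1)</script>', 'Sales & "Support"', "Contact\tUs"];
foreach ($samples as $s) {
    $accepted = validate_form_name($s) !== null ? 'yes' : 'no';
    printf("%-32s accepted=%s\n  unsafe: %s\n  safe:   %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES), $accepted,
        render_row_unsafe($s), render_row_safe($s));
}
```

The second sample passes validation yet still contains a double quote and an ampersand, which is why encoding at render time, not validation alone, is the control that closes this class of bug.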

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 11/11/2021
# Exploit Author: Mohammed Aadhil Ashfaq
# Vendor Homepage: https://form2email.dwbooster.com/
# Version: 1.3.24
# Tested on: wordpress

POC
1. Click Contact form to Email
http://192.168.111.129/wp-admin/admin.php?page=cp_contactformtoemail
2. Create new form name with <script>alert(1)</script>
3. Click Publish
4. XSS has been triggered
http://192.168.111.129/wp-admin/admin.php?page=cp_contactformtoemail&pwizard=1&cal=4&r=0.8630795030649687
5. Open a different browser, logged in with wordpress. Copy the URL and press enter. XSS will trigger.