WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control

vendor:

Contact Form Check Tester

by:

0xB9

5.4

CVSS

MEDIUM

Broken Access Control

284

CWE

Product Name: Contact Form Check Tester

Affected Version From: 1.0.2

Affected Version To: 1.0.2

Patch Exists: NO

Related CWE: CVE-2021-24247

CPE: a:wordpress:contact_form_check_tester

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2021

WordPress Plugin Contact Form Check Tester 1.0.2 – Broken Access Control

The plugin settings are visible to all registered users in the dashboard. A registered user can leave a payload in the plugin settings. To exploit this vulnerability, a registered user can navigate to the dashboard, go to CF7 Check Tester -> Settings, add a form, add a field to the form, put in a payload in either Field selector or Field value "><script>alert(1)</script> and save. Anyone who visits the settings page will execute the payload.

Mitigation:

Ensure that access control is properly implemented and enforced for all user-facing applications and services.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
# Date: 2/28/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/
# Version: 1.0.2
# Tested on: Windows 10
# CVE: CVE-2021-24247

1. Description:
The plugin settings are visible to all registered users in the dashboard.
A registered user can leave a payload in the plugin settings.

2. Proof of Concept:
- Register an account
- Navigate to the dashboard
- Go to CF7 Check Tester -> Settings
- Add a form
- Add a field to the form
- Put in a payload in either Field selector or Field value  "><script>alert(1)</script>
- Save
Anyone who visits the settings page will execute the payload.