crash.software
Projects
Pull Requests
Issues
Builds
WP-Vulnerabilities-Exploits
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY WP-Vulnerabilities-Exploits Files
🤬
main
..
README.md Loading last commit info...
README.md

WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting

Description

The plugins do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission

Proof of Concept

- Created a basic contact form and publish it

- As an unauthenticated user, go the page/post where the form is embed and put the following payload in the "Your Inquiry" or in "Description" fields: "><img src onerror=alert(/XSS/)>

- The XSS will be triggered when an admin will view the related submission (eg: wp-admin/admin.php?orderby&order&page=ws-form-submit&id=1&paged=1#1)

References

https://wpscan.com/vulnerability/9d5738f9-9a2e-4878-8a03-745894420bf6

Please wait...
Page is in error, reload to recover