The settings of the Contact Form Check Tester WordPress plugin through 1.0.2 are visible to all registered users in the dashboard and lack any sanitisation. As a result, any registered user, such as a subscriber, can leave an XSS payload in the plugin settings; it is triggered for any user who visits them, and could allow privilege escalation. The vendor decided to close the plugin.
{"id": "CVE-2021-24247", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24247", "description": "The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.", "published": "2021-05-06T13:15:00", "modified": "2021-12-03T19:44:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24247", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3"], "cvelist": ["CVE-2021-24247"], "immutableFields": [], "lastseen": "2022-03-23T14:50:13", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50703"]}, {"type": "packetstorm", 
"idList": ["PACKETSTORM:165814"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3"]}, {"type": "zdt", "idList": ["1337DAY-ID-37302"]}], "rev": 4}, "score": {"value": 4.8, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-05-10T13:22:02", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1392192999967367172", "text": " NEW: CVE-2021-24247 The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user,... (click for more) Severity: MEDIUM https://t.co/EhXaw0XNZ7?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1392192999967367172", "text": " NEW: CVE-2021-24247 The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user,... 
(click for more) Severity: MEDIUM https://t.co/EhXaw0XNZ7?amp=1"}]}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50703"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165814"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3"]}, {"type": "zdt", "idList": ["1337DAY-ID-37302"]}]}, "exploitation": null, "vulnersScore": 4.8}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:mooveagency:contact_form_check_tester:1.0.2"], "cpe23": ["cpe:2.3:a:mooveagency:contact_form_check_tester:1.0.2:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "mooveagency:contact_form_check_tester", "version": "1.0.2", "operator": "le", "name": "mooveagency contact form check tester"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mooveagency:contact_form_check_tester:1.0.2:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.0.2", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3", "name": "https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3", "refsource": "CONFIRM", "tags": ["Exploit", "Third Party Advisory"]}]}
{"patchstack": [{"lastseen": "2022-06-01T19:32:48", "description": "Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Contact Form Check Tester plugin (versions <= 1.0.2).\n\n## Solution\n\n\r\n This plugin has been closed as of March 25, 2021 and is not available for download. This closure is permanent.\r\n ", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-10T00:00:00", "type": "patchstack", "title": "WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24247"], "modified": "2021-04-10T00:00:00", "id": "PATCHSTACK:5DF079F78E65742B5116CE726B142340", "href": "https://patchstack.com/database/vulnerability/contact-form-check-tester/wordpress-contact-form-check-tester-plugin-1-0-2-cross-site-scripting-xss-vulnerability", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-05-12T07:36:45", "description": "The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. 
As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.\n\n### PoC\n\nRegister an account (subscriber role) Navigate to the dashboard Go to CF7 Check Tester -> Settings Add a form, then add a field to the form Put in a payload in either Field selector or Field value \">\n", "cvss3": {}, "published": "2021-04-10T00:00:00", "type": "wpvulndb", "title": "Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24247"], "modified": "2021-04-12T07:01:21", "id": "WPVDB-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3", "href": "https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2022-02-10T00:00:00", "description": "", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "zdt", "title": "WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24247"], "modified": "2022-02-02T00:00:00", "id": "1337DAY-ID-37302", "href": "https://0day.today/exploit/description/37302", "sourceData": "# Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control\n# Author: 0xB9\n# Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/\n# Version: 1.0.2\n# Tested on: Windows 10\n# CVE: CVE-2021-24247\n\n1. Description:\nThe plugin settings are visible to all registered users in the dashboard.\nA registered user can leave a payload in the plugin settings.\n\n2. Proof of Concept:\n- Register an account\n- Navigate to the dashboard\n- Go to CF7 Check Tester -> Settings\n- Add a form\n- Add a field to the form\n- Put in a payload in either Field selector or Field value \"><script>alert(1)</script>\n- Save\nAnyone who visits the settings page will execute the payload.\n", "sourceHref": "https://0day.today/exploit/37302", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2022-02-10T00:00:00", "description": "", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "packetstorm", "title": "WordPress Contact Form Check Tester 1.0.2 XSS / Access Control", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24247"], "modified": "2022-02-02T00:00:00", "id": "PACKETSTORM:165814", "href": "https://packetstormsecurity.com/files/165814/WordPress-Contact-Form-Check-Tester-1.0.2-XSS-Access-Control.html", "sourceData": "`# Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control \n# Date: 2/28/2021 \n# Author: 0xB9 \n# Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/ \n# Version: 1.0.2 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24247 \n \n1. Description: \nThe plugin settings are visible to all registered users in the dashboard. \nA registered user can leave a payload in the plugin settings. \n \n2. Proof of Concept: \n- Register an account \n- Navigate to the dashboard \n- Go to CF7 Check Tester -> Settings \n- Add a form \n- Add a field to the form \n- Put in a payload in either Field selector or Field value \"><script>alert(1)</script> \n- Save \nAnyone who visits the settings page will execute the payload. \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/165814/wpcfct102-xssaccess.txt", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-05-12T07:36:45", "description": "The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. 
The vendor decided to close the plugin.\n", "cvss3": {}, "published": "2021-04-10T00:00:00", "type": "wpexploit", "title": "Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-24247"], "modified": "2021-04-12T07:01:21", "id": "WPEX-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3", "href": "", "sourceData": "Register an account (subscriber role)\r\nNavigate to the dashboard\r\nGo to CF7 Check Tester -> Settings\r\nAdd a form, then add a field to the form\r\nPut in a payload in either Field selector or Field value \"><script>alert(/XSS/)</script>", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-05-13T17:33:15", "description": "", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24247", "CVE-2021-24247"], "modified": "2022-02-02T00:00:00", "id": "EDB-ID:50703", "href": 
"https://www.exploit-db.com/exploits/50703", "sourceData": "# Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control\r\n# Date: 2/28/2021\r\n# Author: 0xB9\r\n# Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/\r\n# Version: 1.0.2\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24247\r\n\r\n1. Description:\r\nThe plugin settings are visible to all registered users in the dashboard.\r\nA registered user can leave a payload in the plugin settings.\r\n\r\n2. Proof of Concept:\r\n- Register an account\r\n- Navigate to the dashboard\r\n- Go to CF7 Check Tester -> Settings\r\n- Add a form\r\n- Add a field to the form\r\n- Put in a payload in either Field selector or Field value \"><script>alert(1)</script>\r\n- Save\r\nAnyone who visits the settings page will execute the payload.", "sourceHref": "https://www.exploit-db.com/download/50703", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}]}