
WordPress Forminator Plugin CVE-2019-9567

2019-03-05 13:56:22
CVE 0day
www.cve0day.com

EPSS

0.001

Percentile

47.7%

Description

Custom fields of a poll are not properly encoded when showing results of a poll, leading to persistent XSS.

Successful exploitation allows an unauthenticated attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enables an attacker to bypass CSRF protection and thus perform any actions the legitimate user can perform, as well as read data which the user can access. An attacker without credentials could for example add new admin users and thus gain full access to WordPress and - depending on the WordPress settings - the server.

Proof of Concept

Prerequisite: create a poll, add a custom input field, publish the poll.

An attacker can place the payload - for example '"><img src> - in the custom input field.

To trigger the payload, view the submissions of the poll.

Request
GET /wordpress/wp-admin/admin.php?page=forminator-entries&form_type=forminator_polls&form_id=138 HTTP/1.1
Host: 192.168.0.103

<label class="sui-label">test</label>
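
The missing output encoding described above, shown next to the encoded form, as an added example that is not Forminator's own code. The function names and the $submissions array are hypothetical; the label markup follows the response excerpt above, and htmlspecialchars() stands in for WordPress's esc_html() so the script runs without WordPress loaded.

```php
<?php
// Added illustration, not Forminator source. Function names and the
// $submissions array are hypothetical.

// Constructed sample data: one benign custom answer and one carrying
// the markup fragment quoted in the proof of concept.
$submissions = [
    ['custom_answer' => 'test'],
    ['custom_answer' => 'test\'"><img src>'],
];

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so any markup in it becomes part of the admin results page.
function render_label_unsafe(string $value): string
{
    return '<label class="sui-label">' . $value . '</label>';
}

// Hardened pattern: encode for the HTML text context at output time.
// Inside WordPress, esc_html() is the idiomatic call for this context.
function render_label_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<label class="sui-label">' . $encoded . '</label>';
}

// Regression check: a correctly rendered label contains exactly two "<"
// characters (its own opening and closing tag). Anything more means
// stored input was parsed as markup.
function label_is_clean(string $html): bool
{
    return substr_count($html, '<') === 2;
}

foreach ($submissions as $row) {
    $unsafe = render_label_unsafe($row['custom_answer']);
    $safe   = render_label_safe($row['custom_answer']);

    printf("unsafe clean=%s  %s\n", var_export(label_is_clean($unsafe), true), $unsafe);
    printf("safe   clean=%s  %s\n\n", var_export(label_is_clean($safe), true), $safe);
}
```

Encoding at output time, rather than stripping on input, keeps the submitter's text intact in the database while ensuring it is only ever displayed as text.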

WordPress Forminator Plugin CVE-2019-9567 first appeared on CVE 0day.
