Vulners
Lucene search
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability | 7 Feb 202300:00 | – | zdt |
| Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting Vulnerab | 3 Apr 202300:00 | – | zdt |
 | CVE-2023-0084 | 2 Mar 202319:15 | – | attackerkb |
 | CVE-2023-0084 | 2 Mar 202322:34 | – | circl |
 | WordPress plugin Metform Elementor Contact Form Builder 跨站脚本漏洞 | 9 Feb 202300:00 | – | cnnvd |
 | CVE-2023-0084 | 2 Mar 202318:35 | – | cve |
 | CVE-2023-0084 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting | 2 Mar 202318:35 | – | cvelist |
 | CVE-2023-0084 | 2 Mar 202319:15 | – | nvd |
 | WordPress Metform Elementor Contact Form Builder Plugin < 3.2.0 XSS Vulnerability | 2 Mar 202300:00 | – | openvas |
 | WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting | 3 Apr 202300:00 | – | packetstorm |
10
# Exploit Title: Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
# Google Dork: inurl:metform-form intext:textarea|message
# Date: 14/01/2023
# Exploit Author: Mohammed Chemouri (https://de.linkedin.com/in/chemouri)
# Vendor Homepage: https://wpmet.com/plugin/metform/
# Software Link: https://downloads.wordpress.org/plugin/metform.3.1.2.zip
# Version: <= 3.1.2
# Tested on: WordPress version 6.1.1, PHP version 8.0.27 (64bit)
# CVE : CVE-2023-0084
Description:
An unauthenticated attacker can insert a persistent malicious JavaScript
code via the text-area field and because the input is not properly
sanitized the XSS will be executed each time the victim visits the affected
post.
An attacker can steal admin’s session or credentials e.g., using a phishing
attack (display fake login page) and may install a JavaScript backdoor like
the Browser Exploitation Framework (BeeF). ,etc.
Reproduction Steps:
1- Create a new form (using MetForm Elementor widgets) and insert a
text-area field and a submit button then publish the form.
2- Visit the created form (no login needed) and insert the following
JavaScript code in the text-area and submit:
<script>alert(0)</script>
3- By visiting MetForm then Entries from the WP-ADMIN panel and viewing the
inserted post the XSS payload will be executed.
Because there is may bots scanning the web and trying to brute-force
admin's credentials or exploit known vulnerabilities this flaw can be also
automated to steal credentials or do actions on behalf of the logged in
user or even install a JavaScript worm like the Browser Exploitation
Framework (BeeF) and make more than 100,000 websites under a high risk.
Remediation:
All fields must be properly sanitized and escaped before being displayed in
the browser. WordPress already offers an API for this purpose.
For more information please refer to:
https://developer.wordpress.org/apis/security/common-vulnerabilities/
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.htmlData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Apr 2023 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.1 - 7.2
EPSS0.47843
SSVC