wpexploit | Vaibhav Rajput | WPEX-ID:078F33CD-0F5C-46FE-B858-2107A09C6B69
History: Mar 20, 2023 - 12:00 a.m.

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

2023-03-20 00:00:00
Vaibhav Rajput
60
fluentforms
stored xss
contributor
custom html
form field
text tab
exploit

EPSS: 0.001 (Low)
Percentile: 21.6%

The plugin does not properly sanitize and escape the srcdoc attribute of iframes in its Custom HTML field type. This allows a logged-in user with a role as low as contributor to inject arbitrary JavaScript into a form, which will then run for any visitor to the form and for admins previewing or editing it.

As a contributor, create a blank form and add a Custom HTML field with the following content in the "Text" tab of the field editor:

<p>Some description about this section</p><p><iframe srcdoc="&#x3C;script&#x3E;alert(document.cookie)&#x3C;/script&#x3E;"></iframe></p>

Do not decode the payload, and make sure it is added while the editor has the Text tab selected. Save the form; the XSS payload will trigger.
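The entity-encoded srcdoc value above contains no literal "<script" in the stored field, which is why string matching on the saved markup misses it. The following audit is an added example, not code from the advisory or the plugin: it parses a stored Custom HTML field value, decodes each iframe srcdoc the way a browser does, and reports script elements or event-handler attributes inside it. The class and function names are hypothetical and the sample strings are constructed.

```python
from html.parser import HTMLParser

# Constructed sample: the Custom HTML field value from the advisory, stored as-is.
SAMPLE_FIELD = (
    '<p>Some description about this section</p><p><iframe srcdoc="'
    '&#x3C;script&#x3E;alert(document.cookie)&#x3C;/script&#x3E;"></iframe></p>'
)
# Constructed benign field: an iframe without srcdoc.
BENIGN_FIELD = '<p>Intro</p><p><iframe src="https://example.com/embed"></iframe></p>'


class SrcdocAuditor(HTMLParser):
    """Flags active content inside iframe srcdoc values (hypothetical helper)."""

    def __init__(self, depth=0):
        super().__init__()
        self.depth = depth      # 0 = field markup, >0 = inside a srcdoc document
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self.depth > 0:
            if tag == "script":
                self.findings.append("script element inside srcdoc")
            for name in attrs:
                if name.startswith("on"):
                    self.findings.append(f"{name} handler on <{tag}> inside srcdoc")
        srcdoc = attrs.get("srcdoc")
        if tag == "iframe" and srcdoc is not None:
            # HTMLParser has already decoded character references in the
            # attribute value, as a browser does before it parses srcdoc as a
            # document, so &#x3C;script&#x3E; is seen here as <script>.
            inner = SrcdocAuditor(self.depth + 1)
            inner.feed(srcdoc)
            inner.close()
            self.findings.extend(inner.findings)


def audit_field(html_text):
    """Return a list of findings for one stored Custom HTML field value."""
    auditor = SrcdocAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    print("literal '<script' present:", "<script" in SAMPLE_FIELD.lower())
    print("findings:", audit_field(SAMPLE_FIELD))
```

Run it over exported form field values to find forms saved before the upgrade to 4.3.25 that still carry an active srcdoc.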
