Lucene search
Mohamed AzarudheenWPEX-ID:1B5FCE7E-14FC-4548-8747-96FDD58FDD98HistoryNov 14, 2023 - 12:00 a.m.
Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
2023-11-1400:00:00
Mohamed Azarudheen
31
contact form email
editor+
stored cross-site scripting
cross-site scripting
javascript
payload
exploit
security issue
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Create a form and navigate to 'Edit' and 'Settings.'
3. Under the 'On submit action,' select the option to "Stay on the page and display a classic JavaScript alert box with a message."
3. Enter the payload is provided: `</script><script>alert(document.domain)</script>`.
4. Save and publish by visiting the page. It will execute the payload.Related
wpvulndb
wpvulndb
Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
2023-11-14 00:00:00
cvelist
cvelist
cve
cve
CVE-2023-5955
2023-12-11 20:15:07
prion
prion
Cross site scripting
2023-12-11 20:15:00
nvd
nvd
CVE-2023-5955
2023-12-11 20:15:07
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPEX-ID:1B5FCE7E-14FC-4548-8747-96FDD58FDD98