Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploit0xB9WPEX-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3
HistoryApr 10, 2021 - 12:00 a.m.

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

2021-04-1000:00:00
0xB9
261
JSON

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.

Register an account (subscriber role)
Navigate to the dashboard
Go to CF7 Check Tester -> Settings
Add a form, then add a field to the form
Put in a payload in either Field selector or Field value "><script>alert(/XSS/)</script>

Related

prion 1
zdt 1
patchstack 1
packetstorm 1
wpvulndb 1
cve 1
exploitdb 1
prion
prion
Privilege escalation
2021-05-06 13:15:00
zdt
zdt
WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability
2022-02-02 00:00:00
patchstack
patchstack
WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability
2021-04-10 00:00:00
packetstorm
packetstorm
WordPress Contact Form Check Tester 1.0.2 XSS / Access Control
2022-02-02 00:00:00
wpvulndb
wpvulndb
Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
2021-04-10 00:00:00
cve
cve
CVE-2021-24247
2021-05-06 13:15:00
exploitdb
exploitdb
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
2022-02-02 00:00:00
JSON
Related for WPEX-ID:E2990A7A-D4F0-424E-B01D-ECF67CF9C9F3
prion1zdt1patchstack1packetstorm1wpvulndb1cve1exploitdb1