Lucene search
Felipe Restrepo Rodriguez and Edison PovedaWPVDB-ID:04CEA9AA-B21C-49F8-836B-2D312253E09AHistoryJun 26, 2023 - 12:00 a.m.
NEX-Forms < 8.4.4 - Authenticated Stored XSS
2023-06-2600:00:00
Felipe Restrepo Rodriguez and Edison Poveda
wpscan.com
4
nex-forms
authenticated stored xss
cross-site scripting
superadmins
multisite
admins
settings
0.0005 Low
EPSS
Percentile
18.1%
The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.
PoC
Create a new form with the following name: " style=animation-name:rotation onanimationstart=alert(/XSS/)// Save it and access the plugin’s dashboard again to trigger the XSS
| CPE | Name | Operator | Version |
|---|---|---|---|
| nex-forms-express-wp-form-builder | lt | 8.4.4 |
Related
cve
cve
CVE-2023-0439
2023-07-17 14:15:09
wpexploit
wpexploit
NEX-Forms < 8.4.4 - Authenticated Stored XSS
2023-06-26 00:00:00
prion
prion
Cross site scripting
2023-07-17 14:15:00
cvelist
cvelist
CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS
2023-07-17 13:29:58
nvd
nvd
CVE-2023-0439
2023-07-17 14:15:09
wordfence
wordfence