Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbVaibhav RajputWPVDB-ID:078F33CD-0F5C-46FE-B858-2107A09C6B69
HistoryMar 20, 2023 - 12:00 a.m.

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

2023-03-2000:00:00
Vaibhav Rajput
wpscan.com
12
fluentforms
stored xss
html form
sanitation
javascript injection

EPSS

0.001

Percentile

21.4%

JSON

The plugin does not properly sanitize and escape the srcdoc attribute in iframes in it’s custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form.

PoC

As a contributor, create a blank form and add custom html field with the following content in the “Text” tab of the field editor:

Some description about this section

Do not decode the payload. And please ensure that payload is added when editor has Text tab selected. Save the form, it will trigger xss payload.

Related

wpexploit 1
cvelist 1
cve 1
nvd 1
prion 1
wordfence 1
wpexploit
wpexploit
FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field
2023-03-20 00:00:00
cvelist
cvelist
CVE-2023-0546 FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field
2023-04-10 13:18:07
cve
cve
CVE-2023-0546
2023-04-10 14:15:08
nvd
nvd
CVE-2023-0546
2023-04-10 14:15:08
prion
prion
Hardcoded credentials
2023-04-10 14:15:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023)
2023-03-30 13:23:16

EPSS

0.001

Percentile

21.4%

JSON
Related for WPVDB-ID:078F33CD-0F5C-46FE-B858-2107A09C6B69
wpexploit1cvelist1cve1nvd1prion1wordfence1