Lucene search

K
wpvulndbFelipe Restrepo RodriguezWPVDB-ID:0AFA78D3-2403-4E0C-8F16-5B7874B03CD2
HistorySep 27, 2021 - 12:00 a.m.

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting

2021-09-2700:00:00
Felipe Restrepo Rodriguez
wpscan.com
8

0.001 Low

EPSS

Percentile

24.8%

The plugin does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

PoC

Create a new Form via the plugin, fill it with any values. In the next step, change the Form name to: "/> and save the form The XSS will be triggered when viewing the forms list (/wp-admin/admin.php?page=visual-form-builder) or when editing the related form

CPENameOperatorVersion
visual-form-builderlt3.0.4

0.001 Low

EPSS

Percentile

24.8%

Related for WPVDB-ID:0AFA78D3-2403-4E0C-8F16-5B7874B03CD2