wpvulndb | Chiragh Arora | WPVDB-ID: 8E8F6B08-90AB-466A-9828-DCA0C0DA2C9C
History: May 16, 2022 - 12:00 a.m.

FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting

2022-05-16 00:00:00
Chiragh Arora
wpscan.com
10
formcraft basic
cross site scripting
admin+ stored

EPSS

0.001

Percentile

24.8%

The plugin does not sanitise and escape Field Labels, allowing high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PoC

Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form again, as well as in pages/posts where the form is embedded.
