Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbYoru OniWPVDB-ID:90B8AF99-E4A1-4076-99FA-EFE805DD4BE4
HistoryJan 05, 2022 - 12:00 a.m.

Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting

2022-01-0500:00:00
Yoru Oni
wpscan.com
3

0.0004 Low

EPSS

Percentile

14.2%

JSON

The plugin does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

PoC

Create/Edit a form and put the following payload in a Filed Name or Default Value; “style=animation-name:rotation onanimationstart=alert(/XSS/)// yo=”

CPENameOperatorVersion
lead-form-builderlt1.7.0

Related

cve 1
patchstack 1
prion 1
nvd 1
wpexploit 1
cvelist 1
cve
cve
CVE-2022-23179
2024-01-16 16:15:09
patchstack
patchstack
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.9 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
2022-01-05 00:00:00
prion
prion
Cross site scripting
2024-01-16 16:15:00
nvd
nvd
CVE-2022-23179
2024-01-16 16:15:09
wpexploit
wpexploit
Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
2022-01-05 00:00:00
cvelist
cvelist
CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
2024-01-16 15:52:09

0.0004 Low

EPSS

Percentile

14.2%

JSON
Related for WPVDB-ID:90B8AF99-E4A1-4076-99FA-EFE805DD4BE4
cve1patchstack1prion1nvd1wpexploit1cvelist1