Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
1. Ensure Contact Form 7 is installed, along with this plugin 2. Visit Contact > Ultimate Addons, ensure “Database” is checked, and click Save. 3. Visit Contact > Ultimate DB, select a form, and Submit. 4. In the URL, append the following payload, and see the alert upon loading the new page: &s;=%3Cimg%20src=x%20onerror=alert(/XSS/)%3E
CPE | Name | Operator | Version |
---|---|---|---|
ultimate-addons-for-contact-form-7 | eq | 3.1.29 |