Home Tools Exploits & CVE's WordPress Contact Form Check Tester 1.0.2 XSS / Access Control

WordPress Contact Form Check Tester 1.0.2 XSS / Access Control

February 2, 2022

572

Authored by 0xB9

WordPress Contact Form Check Tester plugin version 1.0.2 suffers from broken access control and cross site scripting vulnerabilities.

advisories | CVE-2021-24247

Change Mirror Download

# Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
# Date: 2/28/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/
# Version: 1.0.2
# Tested on: Windows 10
# CVE: CVE-2021-24247

1. Description:
The plugin settings are visible to all registered users in the dashboard.
A registered user can leave a payload in the plugin settings.

2. Proof of Concept:
- Register an account
- Navigate to the dashboard
- Go to CF7 Check Tester -> Settings
- Add a form
- Add a field to the form
- Put in a payload in either Field selector or Field value  "><script>alert(1)</script>
- Save
Anyone who visits the settings page will execute the payload.

WordPress Contact Form Check Tester 1.0.2 XSS / Access Control

Follow us on Instagram @thecyberpost

EDITOR PICKS

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Backdoor.Win32.Zxman Code Execution

Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting

Packet Storm New Exploits For January, 2021