Authored by Mohammed Aadhil Ashfaq

WordPress Contact Form to Email plugin version 1.3.24 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 11/11/2021
# Exploit Author: Mohammed Aadhil Ashfaq
# Vendor Homepage:
# Version: 1.3.24
# Tested on: wordpress

1. Click Contact form to Email
2. Create new form name with <script>alert(1)</script>
3. Click Publish
4. XSS has been triggered
5. Open a different browser, logged in with wordpress. Copy the URL and
Press enter. XSS will trigger.