0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability
Author
Risk
[
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
Affected Plugin: Metform Elementor Contact Form Builder Plugin Slug: metform Affected Versions: <= 3.1.2 CVE ID: CVE-2023-0084 CVSS Score: 7.2 (High) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Mohammed El Amin, Chemouri Fully Patched Version: 3.2.0 The Metform Elementor Contact Form Builder plugin allows site builders to create highly functional contact forms. Unfortunately, vulnerable versions of the Metform plugin fail to escape submitted form entries when displaying them in the admin panel. This meant that any site visitor could fill out a contact form with malicious JavaScript, and that the script would execute in the browser of any administrator viewing that form entry. While sanitizing input may also have helped, escaping output is much more important for preventing Cross-Site Scripting as bypasses are far less common. The patched version updated the format_form_data function to escape the output form data in order to address this issue. An attacker able to execute JavaScript in the browser of an administrator can use it to take over a website via several methods, including by adding a new malicious administrator or injecting a backdoor into a plugin or theme on the site. Unauthenticated Stored Cross-Site Scripting vulnerabilities are the most dangerous variant of Cross-Site Scripting for WordPress sites as they are much easier for attackers to automatically exploit en masse without needing an existing user account. Timeline January 4, 2023 - Mohammed Chemouri responsibly discloses the vulnerability to the plugin vendor and our Vulnerability Disclosure program. January 8, 2023 - A patched version of the Metform plugin, 3.2.0, is made available. February 3, 2023 - The Wordfence Threat Intelligence team discovers a potential bypass of the existing Cross-Site Scripting rule and releases an additional firewall rule to Wordfence Premium, Care, and Response sites. March 5, 2023 - The firewall rule becomes available to Wordfence free users. Conclusion In today’s post we detailed an unauthenticated stored Cross-Site Scripting vulnerability in the Metform plugin discovered and responsibly disclosed by independent security researcher Mohammed Chemouri. The Wordfence firewall’s built-in Cross-Site Scripting protection should provide coverage for all Wordfence users including those using Wordfence free. While we did find a potential bypass and deploy an additional rule to coverit, we have not seen this vulnerability exploited at a large scale in the wild, and have not seen any instances of the bypass being exploited. Nonetheless, we strongly recommend updating to the latest version of the Metform Elementor Contact Form Builder plugin, which is 3.2.1 at the time of this writing. If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance. If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of Metform Elementor Contact Form Builder as soon as possible. If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence Community Edition leaderboard. # 0day.today [2024-11-15] #