0day.today - Biggest Exploit Database in the World.
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting Vulnerab
Risk: Security Risk Medium
# Exploit Title: Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
# Google Dork: inurl:metform-form intext:textarea|message
# Exploit Author: Mohammed Chemouri (https://de.linkedin.com/in/chemouri)
# Vendor Homepage: https://wpmet.com/plugin/metform/
# Software Link: https://downloads.wordpress.org/plugin/metform.3.1.2.zip
# Version: <= 3.1.2
# Tested on: WordPress version 6.1.1, PHP version 8.0.27 (64bit)
# CVE : CVE-2023-0084

Description:

An unauthenticated attacker can insert persistent malicious JavaScript code via the text-area field, and because the input is not properly sanitized, the XSS will be executed each time the victim visits the affected post. An attacker can steal the admin's session or credentials, e.g., using a phishing attack (displaying a fake login page), and may install a JavaScript backdoor like the Browser Exploitation Framework (BeEF), etc.

Reproduction Steps:

1- Create a new form (using MetForm Elementor widgets), insert a text-area field and a submit button, then publish the form.
2- Visit the created form (no login needed), insert the following JavaScript code in the text-area and submit:

<script>alert(0)</script>

3- By visiting MetForm then Entries from the WP-ADMIN panel and viewing the inserted post, the XSS payload will be executed.

Because there are many bots scanning the web and trying to brute-force admin credentials or exploit known vulnerabilities, this flaw can also be automated to steal credentials, perform actions on behalf of the logged-in user, or even install a JavaScript worm like the Browser Exploitation Framework (BeEF), putting more than 100,000 websites at high risk.

Remediation:

All fields must be properly sanitized and escaped before being displayed in the browser. WordPress already offers an API for this purpose.

For more information please refer to:
https://developer.wordpress.org/apis/security/common-vulnerabilities/
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

# 0day.today [2024-10-05] #
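
The remediation described above, sketched as an added example that is not part of the original advisory and is not MetForm's own code: the unsafe rendering pattern next to input sanitization and output escaping with the WordPress API. The function names `render_entry_unsafe`, `store_entry`, `render_entry_safe` and the `message` field are hypothetical; the fallback definitions are simplified stand-ins so the file also runs under plain PHP CLI outside WordPress.

```php
<?php
// Added example: hypothetical entry storage/rendering, not MetForm's actual code.
// Inside WordPress the real sanitize_textarea_field() and esc_html() are used;
// the fallbacks below are simplified stand-ins for running outside WordPress.
if (!function_exists('sanitize_textarea_field')) {
    function sanitize_textarea_field($str) {
        // Stand-in: strip tags but keep line breaks (WordPress performs more checks).
        return trim(strip_tags((string) $str));
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Unsafe pattern: the raw submission is echoed into the admin "Entries" view.
function render_entry_unsafe(array $entry): string {
    return '<td class="entry-message">' . $entry['message'] . '</td>';
}

// Input side: sanitize the text-area value before it is stored.
function store_entry(array $post): array {
    $raw = isset($post['message']) ? $post['message'] : '';
    return ['message' => sanitize_textarea_field($raw)];
}

// Output side: escape at the point of display, even for data already stored.
function render_entry_safe(array $entry): string {
    return '<td class="entry-message">' . nl2br(esc_html($entry['message'])) . '</td>';
}

// Constructed sample submission using the payload from the reproduction steps.
$submitted = ['message' => "Hello\n<script>alert(0)</script>"];

// Raw echo: the script element reaches the admin's browser as markup.
echo render_entry_unsafe($submitted), PHP_EOL;
// Escaped on output only: the payload is displayed as inert text.
echo render_entry_safe($submitted), PHP_EOL;
// Sanitized on input and escaped on output: both layers applied.
echo render_entry_safe(store_entry($submitted)), PHP_EOL;
```

Escaping at output is the layer that protects entries already stored before a fix is deployed; input sanitization alone does not neutralize old rows.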