WordPress Contact-Form-7 5.1.6 Cross Site Scripting

WordPress Contact-Form-7 plugin version 5.1.6 suffers from a cross-site scripting vulnerability.


MD5 | b7f8457df97c1d0fa64129ee1e39d8c2

[-] Title : WordPress plugin contact-form-7 5.1.6 - Cross-Site Scripting
[-] Author : mehran feizi
[-] Vendor : https://wordpress.org/plugins/contact-form-7/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-17
=====================================================================================================
Vulnerable page :
admin.php
======================================================================================================
Vulnerable Source :
188: isset( $_GET['page'] ) ? trim( $_GET['page'] ) : '',
414: echo esc_attr($_REQUEST['page']);
=======================================================================================================
POC :
http://localhost/wp-content/plugins/contact-form-7/admin/admin.php?page=[XSS]
=======================================================================================================
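Added example (not part of the original advisory and not Contact Form 7 code): a stand-alone PHP sketch of the two controls that bear on a reflected "page" parameter, allow-list validation when the value is read and attribute encoding when it is echoed. html_attr(), KNOWN_PAGES and the hidden-field output context are assumptions; html_attr() stands in for WordPress's esc_attr(), which is not available outside WordPress.

```php
<?php
// Added example: stand-alone sketch, not Contact Form 7 source.

// Stand-in for WordPress's esc_attr() (assumption: same goal, attribute-safe output).
function html_attr(string $value): string
{
    // Encode &, <, >, " and ' so the value cannot close the attribute or open a tag.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical allow-list of admin page slugs; a plugin would list the slugs it registers.
const KNOWN_PAGES = ['wpcf7', 'wpcf7-new', 'wpcf7-integration'];

function read_page(array $query): string
{
    // Same shape as the quoted line 188 (presence check plus trim()), with a type
    // check added so an array value such as page[]=x is rejected instead of trimmed.
    $page = isset($query['page']) && is_string($query['page']) ? trim($query['page']) : '';

    // Input validation: anything that is not a known slug is treated as absent.
    return in_array($page, KNOWN_PAGES, true) ? $page : '';
}

function render_hidden_field(string $page): string
{
    // Output encoding at the point of use, as the quoted line 414 does with esc_attr().
    // The hidden-input context is an assumption made for this example.
    return '<input type="hidden" name="page" value="' . html_attr($page) . '" />';
}

// Constructed sample inputs: one valid slug, one value carrying markup characters.
$samples = ['wpcf7', '"><b>test</b>'];
foreach ($samples as $raw) {
    echo 'raw input         : ', $raw, PHP_EOL;
    echo 'encoded only      : ', render_hidden_field(trim($raw)), PHP_EOL;
    echo 'validated+encoded : ', render_hidden_field(read_page(['page' => $raw])), PHP_EOL, PHP_EOL;
}
```

Comparing the "encoded only" and "validated+encoded" lines for the second sample shows the difference between neutralising markup characters at output and rejecting an unexpected value at input.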
************************
* ==> Contact us :
* Telegram : @MF0584
* Email : [email protected]
************************
