WordPress WPForms-Lite 1.5.8.2 Cross Site Scripting

WordPress WPForms-Lite plugin version 1.5.8.2 suffers from a cross site scripting vulnerability.


MD5 | 944ecdb044dbe08019b3254c5ca78a02

[-] Title : word press plugin wpforms-lite 1.5.8.2 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Software Link : https://wordpress.org/plugins/wpforms-lite/
[-] Version: [ 1.5.8.2 ]
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
==============================================================================================
Vulnerable page :
wpforms-lite/includes/providers/class-base.php
===============================================================================================
Vulnerable Source :
1071 : echo echo absint($_GET['form_id']);
================================================================================================
POC :
http://localhost/wp-content/plugins/wpforms-lite/includes/providers/class-base.php?form_id=[XSS]
================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : [email protected]
************************

Related Posts