Contact Form Clean and Simple < 4.7.1 - Authenticated Stored XSS



Description
The Contact Form Clean and Simple WordPress plugin was vulnerable to authenticated stored XSS. A user with admin capabilities can submit malicious code through the plugin's options. This code is then executed on every front-end page that contains the contact form.
Proof of Concept
If the consent checkbox is checked and malicious code is added to the consent message box, users on the front-end are then subject to this code.

Video PoC: https://www.youtube.com/watch?v=mKg0TUqEhC8
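
The pattern behind this class of bug, shown as an added example (not the plugin's code and not the actual change made in 4.7.1): an admin-saved option placed into the front-end form without output encoding, beside an encoded version. The function names and the sample option value are hypothetical; plain-PHP htmlspecialchars() and strip_tags() stand in for WordPress's esc_html() and sanitize_text_field() so the file runs without WordPress loaded.

```php
<?php
// Added illustration; NOT the plugin's source. Function names and the
// sample option value below are hypothetical / constructed.

// Constructed sample of a value stored in the consent message option.
$stored_consent_message = 'I agree to the terms <script>alert(1)</script>';

// Vulnerable pattern: the stored option is concatenated into the page
// unchanged, so any markup in it becomes part of every page with the form.
function render_consent_unsafe(string $message): string
{
    return '<label><input type="checkbox" name="consent"> ' . $message . '</label>';
}

// Hardened pattern: encode on output so the value is rendered as text.
// Inside WordPress, esc_html() plays this role (or wp_kses_post() when a
// limited set of HTML tags must stay allowed).
function render_consent_safe(string $message): string
{
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<label><input type="checkbox" name="consent"> ' . $encoded . '</label>';
}

// Defence in depth: also sanitise when the option is saved, so the stored
// value never carries tags. strip_tags() is the plain-PHP stand-in here;
// in WordPress, sanitize_text_field() or wp_kses_post() would be used.
function sanitize_consent_on_save(string $raw): string
{
    return trim(strip_tags($raw));
}

$unsafe = render_consent_unsafe($stored_consent_message);
$safe   = render_consent_safe($stored_consent_message);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
echo "saved:  " . sanitize_consent_on_save($stored_consent_message) . "\n";

// Check whether a live <script> element survives in each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
```

Output encoding is the control that matters here, because it protects the page even when a value already in the database predates any save-time sanitisation.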

Affects Plugin

Fixed in version 4.7.1

References

URL https://plugins.trac.wordpress.org/changeset/2232279/clean-and-simple-contact-form-by-meg-nicholas
URL https://jrjmulder.nl/plugins/contact-form-clean-and-simple-4-7-0-authenticated-stored-xss/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jeroen Mulder
Submitter Jeroen Mulder
Submitter Website https://jrjmulder.nl
Verified No
WPVDB ID 10042

Timeline

Publicly Published 2020-01-22
Added 2020-01-22
Last Updated 2020-02-16
