WPForms < 1.5.9 - Authenticated Cross Site Scripting (XSS)



Description
The popular WordPress plugin WPForms was found to be vulnerable to authenticated stored XSS.

The issue was reported to the WPForms team on February 18th, 2020.

Affects Plugin

References

CVE 2020-10385
PacketStorm 156874
URL https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/
URL https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jinson Varghese Behanan
Submitter Jinson Varghese Behanan
Submitter Website https://www.jinsonvarghese.com
Submitter Twitter JinsonCyberSec
Views 3867
Verified No
WPVDB ID 10114

Timeline

Publicly Published 2020-03-05 (3 months ago)
Added 2020-03-05 (3 months ago)
Last Updated 2020-03-26 (2 months ago)
