CVE-2021-25079 PoC — WordPress plugin跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-25079.yaml

Associated Vulnerability

Title:WordPress plugin跨站脚本漏洞 (CVE-2021-25079)
Description:WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress 插件存在跨站脚本漏洞，该漏洞源于1.2.4之前的WordPress联系人表单条目插件版本存在一个未经身份验证的持久跨站点脚本漏洞。

Description

The plugin does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page

File Snapshot


 id: CVE-2021-25079

info:
  name: Contact Form Entries < 1.2.4 - Cross-Site Scripting
  author: r3Y3

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!