WordPress Product Bugs Report
Bug Name: XSS (Cross Site Scripting)
Software: Fast Secure Contact Form plugin
Version: 4.0.37
Last Updated: 21-08-2015
Homepage: https://wordpress.org/plugins/si-contact-form/
Compatible up to WordPress 4.3.0 (Requires: 3.4.2 or higher)
Severity: High
Description: XSS vulnerability in WordPress plugin Fast Secure Contact Form
Changelog: https://wordpress.org/plugins/si-contact-form/changelog/
Fill all the variables with <script>alert(document.cookie);</script> payload and save it to view further.
Now, the added XSS payload will be executed whenever the user reviews it.
Timeline
05-09-2015 – Discovered in Fast Secure Contact Form plugin 4.0.37 Version
07-09-2015 – Reported to WP Plugin
07-09-2015 – WP Plugin responded, "Thank you for reporting this plugin. We're looking into it right now."
08-09-2015 – Fixed in 4.0.38 version of Fast Secure Contact Form plugin
Details
Proof of concept
Visit the following page on a site with this plugin installed: http://yourwordpresssite.com/wordpress/wp-admin/plugins.php?page=si-contact-form%2Fsi-contact-form.php&fscf_form=1&fscf_tab=1 and modify the value of the fs_contact_form1[welcome] variable with the
<script>alert(document.cookie);</script>
payload, then send the request to the server. The added XSS payload is then echoed back from the server, without the input being validated, whenever the page where the script is stored is visited.
Note: The XSS payload was tested against the application after applying the unfiltered HTML setting below in the wp-config.php file.
define( 'DISALLOW_UNFILTERED_HTML', true );
Issue 1:
The POST request parameter fs_contact_form1[welcome] in the URL http://yourwordpresssite.com/wordpress/wp-admin/plugins.php?page=si-contact-form%2Fsi-contact-form.php&fscf_form=1&fscf_tab=1 of Fast Secure Contact Form 4.0.37 is vulnerable to Cross Site Scripting (XSS).
Figure 1: XSS Payload injected to fs_contact_form1[welcome] variable in the given URL http://yourwordpresssite.com/wordpress/wp-admin/plugins.php?page=si-contact-form%2Fsi-contact-form.php&fscf_form=1&fscf_tab=1
Figure 2: XSS Payload executed in the browser whenever the user views it.
Discovered by:
Sathish from Cyber Security Works Pvt Ltd
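The stored XSS pattern described in this report, shown next to a hardened save and output path, as an added example that is not part of the original report and is not the plugin's code or its 4.0.38 fix. The function names and the `<div class="welcome">` wrapper are hypothetical, and plain PHP functions stand in for the WordPress helpers a plugin would normally call.

```php
<?php
// Added illustration, not code from Fast Secure Contact Form.
// Function names are hypothetical; plain PHP stands in for the WordPress helpers
// a plugin would normally call (sanitize_text_field(), wp_kses_post(), esc_html()).

// Constructed sample: the POST body from the report, as PHP parses it.
$post = ['fs_contact_form1' => ['welcome' => '<script>alert(document.cookie);</script>']];

// Vulnerable pattern: the stored value is written into the page verbatim.
function render_welcome_unsafe(array $settings): string
{
    return '<div class="welcome">' . $settings['welcome'] . '</div>';
}

// Hardened save path: accept only string fields and drop markup before storing.
function sanitize_settings(array $raw): array
{
    $clean = [];
    foreach ($raw as $key => $value) {
        if (!is_string($value)) {
            continue; // nested arrays or other unexpected types are not stored
        }
        $clean[$key] = trim(strip_tags($value));
    }
    return $clean;
}

// Hardened output path: encode for the HTML context even if storage was unfiltered.
function render_welcome_safe(array $settings): string
{
    $text = htmlspecialchars($settings['welcome'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="welcome">' . $text . '</div>';
}

$raw = $post['fs_contact_form1'];

// 1. Unsafe: the script element reaches the browser intact.
echo render_welcome_unsafe($raw), PHP_EOL;

// 2. Output encoding alone neutralises a value that was stored unfiltered.
echo render_welcome_safe($raw), PHP_EOL;

// 3. Sanitising on save as well leaves no markup in the stored option.
echo render_welcome_safe(sanitize_settings($raw)), PHP_EOL;
```

Encoding at output is the control that matters for values already stored by a vulnerable version; sanitising on save only protects data written after the upgrade.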