[-] Title : WordPress plugin contact-form-7 5.1.6 - Cross-Site Scripting  
[-] Author : mehran feizi  
[-] Vendor : https://wordpress.org/plugins/contact-form-7/  
[-] Tested on : Windows  
[-] Category : Webapps  
[-] Date : 2020-02-17  
=====================================================================================================  
Vulnerable page :  
admin.php  
======================================================================================================  
Vulnerable Source :  
188: isset( $_GET['page'] ) ? trim( $_GET['page'] ) : '',  
414: echo esc_attr($_REQUEST['page']);  
=======================================================================================================  
POC :  
http://localhost/wp-content/plugins/contact-form-7/admin/admin.php?page=[XSS]  
=======================================================================================================  
************************  
* ==> Contact Me :  
* Telegram : @MF0584  
* Email : mehranfeizi13841384@gmail.com  
************************