## https://sploitus.com/exploit?id=WPEX-ID:CD8D71D1-030E-4AD4-866E-75D242883C6C
1 - Install and activate "Generate PDF using Contact Form 7" version 3.5.
2 - Click "Contact -> Add new" in the left sidebar, create a test contact form, and save it.
3 - Click "Contact -> PDF with CF7" and select the test contact form from the drop-down.
4 - Now add the XSS script below to each and every input field, as shown in the video PoC:
"><img src=x onerror=confirm(document.cookie)>
5 - Now click "Save Changes"; once the page has loaded completely, you will see an XSS popup with your cookies.
6 - Now check with another admin user: log in as a 2nd admin user.
9 - Click "Contact -> PDF with CF7" in the left sidebar and select the test contact form from the drop-down.
10 - The 2nd admin account also gets the XSS popup with cookies.
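
The popup appearing for a second admin means the saved value is stored and rendered back without output encoding. The following is an added example, not the plugin's code: it assumes the value is echoed into an input's `value` attribute, uses hypothetical function and field names, and puts that unescaped pattern beside attribute-context encoding with a check that can serve as a regression test.

```php
<?php
// Added illustration; the function names and the cf7_pdf_field name are
// hypothetical, not taken from the plugin's source.

// Constructed sample: the string from step 4 as it would be stored.
$stored = '"><img src=x onerror=confirm(document.cookie)>';

// Vulnerable pattern: the saved setting is echoed into the attribute as-is.
function render_unsafe(string $value): string {
    return '<input type="text" name="cf7_pdf_field" value="' . $value . '">';
}

// Hardened pattern: encode for the attribute context at output time.
// WordPress code would call esc_attr(); htmlspecialchars() stands in
// so this file runs without WordPress loaded.
function render_safe(string $value): string {
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="cf7_pdf_field" value="' . $encoded . '">';
}

// Regression check: the rendered field must be a single <input> whose value
// attribute decodes back to exactly what was stored. Any markup after the
// attribute's closing quote makes the pattern fail to match.
function attribute_is_contained(string $html, string $expected): bool {
    $pattern = '/^<input type="text" name="[^"]*" value="([^"]*)">$/';
    if (!preg_match($pattern, $html, $m)) {
        return false; // the value broke out of the attribute
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8') === $expected;
}

$rendered = [
    'unsafe' => render_unsafe($stored),
    'safe'   => render_safe($stored),
];
foreach ($rendered as $label => $html) {
    $ok = attribute_is_contained($html, $stored) ? 'yes' : 'no';
    printf("%-6s contained=%s\n       %s\n", $label, $ok, $html);
}
```

Encoding at output protects every viewer of the settings page regardless of what is already in the database; sanitizing on save (for example with `sanitize_text_field()`) is a second layer, not a replacement.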