Exploit for Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting CVE-2022-1326

Name: Exploit for Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting CVE-2022-1326
Rating: 5 (93 reviews)

2022-06-03 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:F57615D9-A567-4C2A-9F06-2C6B61F56074
Create/edit a form, add a Custom Text field, put the following payload in it: <script>alert(/XSS/)</script>, save the field and update the form

The XSS will be triggered in page/post where the form is embed