mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-03 08:48:00 +02:00
0xMarcio
968 B
968 B
CVE-2020-11516
Description
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session.
POC
Reference
No PoCs from references.