CVEs-PoC/2017/CVE-2017-20053.md

### [CVE-2017-20053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20053)
![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Manager%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brightgreen)

### Description

A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

### POC

#### Reference
- https://sumofpwn.nl/advisory/2016/cross_site_request_forgery___cross_site_scripting_in_contact_form_manager_wordpress_plugin.html
- https://vuldb.com/?id.97387

#### Github
- https://github.com/20142995/nuclei-templates