
Exploit for WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting (CVE-2022-0595)

Description:

WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.

Nuclei Template

View the template here CVE-2022-0595.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0595.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0595
https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/1b849957-eaca-47ea-8f84-23a3a98cc8de
https://github.com/ARPSyndicate/kenzer-templates
https://plugins.trac.wordpress.org/changeset/2686614