WRITEUP #217

The Dark Side of Contact Forms: How I Identified 7 CVEs in WordPress Plugins

Tags: XSS, Blind XSS, Stored XSS, HTML injection
by @dropn0w (Pedro Paniago)
Bounty: 2,500
Program: Wordfence
Published: Jul 2, 2024
Added to HackDex: Jul 8, 2024
Read Full Writeup: https://blog.paniago.io/the-dark-side-of-contact-forms-how-i-identified-7-cves-in-wordpress-plugins-30f6111dfebf
RELATED WRITEUPS
Stored XSS in LibreOffice
Tags: XSS, Stored XSS
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing
Tags: XSS, Stored XSS
Canary Token OSS Security Audit Report (Q2 2024)
Tags: XSS, DoS
Type confusion attacks in ProseMirror editors
Tags: XSS, Type confusion
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS

Built with ❤️ by Shubham Rawat