The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.
References
| Link | Resource |
|---|---|
| https://hackpuntes.com/cve-2018-14430-wordpress-plugin-multi-step-form-125-multiples-xss-reflejados/ | Exploit Issue Tracking Third Party Advisory |
| https://wpvulndb.com/vulnerabilities/9106 | Exploit Third Party Advisory |
| https://hackpuntes.com/cve-2018-14430-wordpress-plugin-multi-step-form-125-multiples-xss-reflejados/ | Exploit Issue Tracking Third Party Advisory |
| https://wpvulndb.com/vulnerabilities/9106 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://hackpuntes.com/cve-2018-14430-wordpress-plugin-multi-step-form-125-multiples-xss-reflejados/ - Exploit, Issue Tracking, Third Party Advisory | |
| References | () https://wpvulndb.com/vulnerabilities/9106 - Exploit, Third Party Advisory |
Information
Published : 2018-07-25 23:29
Updated : 2024-11-21 03:49
NVD link : CVE-2018-14430
Mitre link : CVE-2018-14430
CVE.ORG link : CVE-2018-14430
JSON object : View
Products Affected
mondula
- multi_step_form
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')