Title: WordPress 'WP Accurate Form Data' Plugin
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-21
Download:
- https://wordpress.org/plugins/accurate-form-data-real-time-form-validation/
- https://plugins.svn.wordpress.org/accurate-form-data-real-time-form-validation/
Notified WordPress: 2015-06-21

==========================================================
## Plugin description
==========================================================

The plugin performs e-mail and physical address validations automatically for most WordPress contact forms.

==========================================================
## XSS Vulnerabilities
==========================================================

The request URI is echoed into the HTML page without sanitization. This can be exploited with a malicious URL (keep in mind that most modern browsers encode the URL).

http://[URL]/wp-admin/options-general.php?page=Accu_Data_WP&a=">

----

The options on the admin settings page are displayed/stored without sanitization. This can be exploited with a crafted POST request.

PoC (using CSRF): Log in as admin and submit the following form:

wCheckEmailValidity:

wSub
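The two weaknesses described above, a request URI reflected into markup and an option stored and displayed without sanitization, shown side by side with a hardened version. This is an added illustration written for this advisory, not the plugin's own code. The function names, the option name `example_check_email`, the nonce action `example_save_settings` and the page slug `example-settings` are hypothetical; the field names `wCheckEmailValidity` and `wSub` are the labels that survive from the PoC form on this page. The WordPress functions used (`esc_url`, `esc_attr`, `sanitize_text_field`, `wp_unslash`, `wp_nonce_field`, `check_admin_referer`, `current_user_can`, `update_option`, `get_option`, `admin_url`) are the standard core API.

```php
<?php
/*
 * Added illustration (not the plugin's code): a minimal WordPress settings
 * page showing the two weaknesses the advisory describes and one way to
 * close them. Option name, nonce action and page slug are hypothetical
 * placeholders chosen for this example.
 */

// --- Vulnerable pattern (the shape the advisory describes) ---------------
function example_settings_page_vulnerable() {
    // Reflected XSS: the raw request URI is written into an attribute value.
    echo '<form method="post" action="' . $_SERVER['REQUEST_URI'] . '">';

    // Stored XSS: whatever was POSTed is saved as-is and later echoed
    // unescaped; no nonce, so a cross-site POST from a logged-in admin lands.
    if ( isset( $_POST['wCheckEmailValidity'] ) ) {
        update_option( 'example_check_email', $_POST['wCheckEmailValidity'] );
    }
    echo '<input name="wCheckEmailValidity" value="'
        . get_option( 'example_check_email' ) . '">';
    echo '<input type="submit" name="wSub" value="Save"></form>';
}

// --- Hardened pattern ----------------------------------------------------
function example_settings_page_hardened() {
    // Capability check: only users who may manage options reach this page.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( isset( $_POST['wSub'] ) ) {
        // CSRF: the POST must carry a nonce bound to this action and user;
        // check_admin_referer() terminates the request otherwise.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        // Input sanitization: strip slashes WordPress adds, then reduce the
        // value to plain text before it is stored.
        $raw   = isset( $_POST['wCheckEmailValidity'] ) ? $_POST['wCheckEmailValidity'] : '';
        $value = sanitize_text_field( wp_unslash( $raw ) );
        update_option( 'example_check_email', $value );
    }

    // Output escaping at the point of use: a fixed, escaped form action
    // instead of REQUEST_URI, and esc_attr() for anything placed inside an
    // attribute, regardless of how it got into the database.
    $action = esc_url( admin_url( 'options-general.php?page=example-settings' ) );
    $value  = esc_attr( get_option( 'example_check_email', '' ) );

    echo '<form method="post" action="' . $action . '">';
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    echo '<input name="wCheckEmailValidity" value="' . $value . '">';
    echo '<input type="submit" name="wSub" value="Save">';
    echo '</form>';
}
```

Escaping at output time is what removes both XSS sinks; sanitizing on input and checking the nonce address the storage path and the CSRF path respectively. Input sanitization alone is not a substitute for output escaping, because an option can be written by other code paths than this form.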
==========================================================
## Solution
==========================================================

No fix available

==========================================================

XSS vulnerabilities found using Eir, an early-stage static vulnerability scanner for PHP applications.