___________________________________________________
|
| Exploit Title: WordPress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________
Exploit :
" />
__________________________________________________
Vulnerable method : $_GET
Vulnerable File : wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php
Vulnerable code: line 366 :
display() ?>
__________________________________________________
#patch:
To fix this vulnerability, use the htmlspecialchars() function.
__________________________________________________
Discovered By : M.R.S.L.Y
__________________________________________________
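The htmlspecialchars() fix named in the patch note, shown as an added example that is not the plugin's code or part of the original advisory. It assumes the $_GET value is reflected into an HTML attribute; the parameter name example_param and both helper functions are hypothetical, and the input is constructed.

```php
<?php
// Added example, not the plugin's code. The parameter name "example_param"
// and both helper functions are hypothetical.

// Vulnerable pattern: a $_GET value is written into an attribute unescaped,
// so a double quote in the value ends the attribute early.
function render_field_unescaped(array $query): string
{
    $value = $query['example_param'] ?? '';
    return '<input type="hidden" name="example_param" value="' . $value . '" />';
}

// Fixed pattern: htmlspecialchars() with explicit flags and charset.
// ENT_QUOTES escapes both " and '. Before PHP 8.1 the default flags
// (ENT_COMPAT) left single quotes untouched, so pass the flags explicitly.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_field_escaped(array $query): string
{
    $value = $query['example_param'] ?? '';
    if (!is_string($value)) {
        // ?example_param[]=x arrives as an array; treat it as empty.
        $value = '';
    }
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="example_param" value="' . $safe . '" />';
}

// Constructed input: harmless markup that would close the attribute and tag.
$query = ['example_param' => '"><b>constructed</b>'];

// Unescaped: the markup from the query string becomes part of the page.
echo render_field_unescaped($query), PHP_EOL;

// Escaped: the same input stays inside the value attribute as inert text.
echo render_field_escaped($query), PHP_EOL;

// Check: no raw tag from the input survives in the escaped output.
var_dump(strpos(render_field_escaped($query), '<b>') === false);
```

Inside WordPress, esc_attr() performs the equivalent escaping for attribute values.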