CVE-2021-25066
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Productos afectados
Unknown · Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →