Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-103566
HistoryOct 28, 2021 - 12:00 a.m.

WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability

2021-10-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
9

0.001 Low

EPSS

Percentile

24.8%

WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms Contact Form plugin prior to 3.5.8.2 put that book in place with a cross-site scripting vulnerability that stems from the fact that the plugin does not sanitize and escape the custom class names of the form fields it creates. An attacker could exploit the vulnerability to inject JavaScript and execute a stored XSS attack.

0.001 Low

EPSS

Percentile

24.8%