Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24381
HistoryOct 25, 2021 - 1:20 p.m.

CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

2021-10-2513:20:32
CWE-79
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

24.8%

The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CNA Affected

[
  {
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.5.8.2",
        "status": "affected",
        "version": "3.5.8.2",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

24.8%

Related for CVELIST:CVE-2021-24381