Lucene search
WPScanCVELIST:CVE-2021-24381HistoryOct 25, 2021 - 1:20 p.m.
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-2513:20:32
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
24.9%
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CNA Affected
[
{
"product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.5.8.2",
"status": "affected",
"version": "3.5.8.2",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-28 00:00:00
nvd
nvd
CVE-2021-24381
2021-10-25 14:15:09
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
prion
prion
Cross site scripting
2021-10-25 14:15:00
cve
cve
CVE-2021-24381
2021-10-25 14:15:09
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00