Lucene search
WPScanCVELIST:CVE-2021-25056HistoryJul 04, 2022 - 1:05 p.m.
CVE-2021-25056 Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
2022-07-0413:05:21
CWE-79
WPScan
www.cve.org
4
cve-2021-25056
ninja forms
wordpress plugin
cross-site scripting
unfiltered_html capability
EPSS
0.001
Percentile
24.8%
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CNA Affected
[
{
"product": "Ninja Forms Contact Form β The Drag and Drop Form Builder for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.6.10",
"status": "affected",
"version": "3.6.10",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
WordPress Ninja Forms Contact Form pluginθ·¨η«θζ¬ζΌζ΄
2022-07-06 00:00:00
wpvulndb
wpvulndb
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
2022-06-13 00:00:00
prion
prion
Cross site scripting
2022-07-04 13:15:00
wpexploit
wpexploit
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
2022-06-13 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-25056
2022-07-04 13:15:08
cve
cve
CVE-2021-25056
2022-07-04 13:15:08
openvas
openvas
WordPress Ninja Forms Contact Form Plugin < 3.6.10 Multiple Vulnerabilities
2022-07-05 00:00:00