Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-5530
HistoryNov 06, 2023 - 8:41 p.m.

CVE-2023-5530 Ninja Forms < 3.6.34 - Admin+ Stored XSS

2023-11-0620:41:40
WPScan
www.cve.org
4
ninja forms
wordpress
stored xss

EPSS

0

Percentile

14.0%

JSON

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Ninja Forms Contact Form",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.6.34"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
openvas 1
wpvulndb 1
prion 1
nvd 1
wpexploit 1
cve
cve
CVE-2023-5530
2023-11-06 21:15:10
openvas
openvas
WordPress Ninja Forms Contact Form Plugin < 3.6.34 XSS Vulnerability
2023-11-07 00:00:00
wpvulndb
wpvulndb
Ninja Forms < 3.6.34 - Admin+ Stored XSS
2023-10-16 00:00:00
prion
prion
Cross site scripting
2023-11-06 21:15:00
nvd
nvd
CVE-2023-5530
2023-11-06 21:15:10
wpexploit
wpexploit
Ninja Forms < 3.6.34 - Admin+ Stored XSS
2023-10-16 00:00:00

EPSS

0

Percentile

14.0%

JSON
Related for CVELIST:CVE-2023-5530
cve1openvas1wpvulndb1prion1nvd1wpexploit1