These vulnerabilities allow attackers to inject arbitrary web script or HTML via the “ninja_forms_field_1” parameter in a ninja_forms_ajax_submit action sent to wp-admin/admin-ajax.php. In addition, multiple cross-site scripting vulnerabilities allow administrators to inject arbitrary web script or HTML via the “fields[1]” parameter sent to wp-admin/post.php.
Update the plugin.
CPE

Name | Operator | Version |
---|---|---|
ninja forms | le | 2.8.8 |