2 matches found
CVE-2021-24705
CVE-2021-24705 affects the NEX-Forms WordPress plugin prior to version 8.4.3. The issue is lack of CSRF protection when editing a form and insufficient escaping of certain settings and form fields before output in attributes, enabling a logged-in admin to edit forms with stored Cross-Site Scripti...
CVE-2021-24705 NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...