Lucene search
China National Vulnerability DatabaseCNVD-2021-103566HistoryOct 28, 2021 - 12:00 a.m.
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
wordpress
ninja forms
contact form
plugin
cross-site scripting
php
mysql
xss
vulnerability
exploit
javascript
EPSS
0.001
Percentile
24.8%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms Contact Form plugin prior to 3.5.8.2 put that book in place with a cross-site scripting vulnerability that stems from the fact that the plugin does not sanitize and escape the custom class names of the form fields it creates. An attacker could exploit the vulnerability to inject JavaScript and execute a stored XSS attack.
Related
prion
prion
Cross site scripting
2021-10-25 14:15:00
wpvulndb
wpvulndb
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
nvd
nvd
CVE-2021-24381
2021-10-25 14:15:09
cvelist
cvelist
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-25 13:20:32
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
cve
cve
CVE-2021-24381
2021-10-25 14:15:09
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00