Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWPScanCVE-2021-24381
HistoryOct 25, 2021 - 2:15 p.m.

CVE-2021-24381

2021-10-2514:15:09
CWE-79
WPScan
web.nvd.nist.gov
23
cve-2021-24381
ninja forms
contact form
wordpress
plugin
xss
cross-site scripting
nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Affected configurations

Nvd
Vulners
Node
ninjaformscontact_formRange<3.5.8.2wordpress
VendorProductVersionCPE
ninjaformscontact_form*cpe:2.3:a:ninjaforms:contact_form:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.5.8.2",
        "status": "affected",
        "version": "3.5.8.2",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
wpvulndb 1
cnvd 1
nvd 1
cvelist 1
openvas 1
wpexploit 1
prion
prion
Cross site scripting
2021-10-25 14:15:00
wpvulndb
wpvulndb
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-28 00:00:00
nvd
nvd
CVE-2021-24381
2021-10-25 14:15:09
cvelist
cvelist
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-25 13:20:32
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON
Related for CVE-2021-24381
prion1wpvulndb1cnvd1nvd1cvelist1openvas1wpexploit1