Lucene search
WPScanCVE-2024-7354HistorySep 02, 2024 - 8:15 a.m.
CVE-2024-7354
2024-09-0208:15:06
WPScan
web.nvd.nist.gov
26
ninja forms
wordpress
reflected cross-site scripting
url
attribute
high privilege users
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.6%
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected configurations
Node
ninjaformsninja_formsRange3.8.6–3.8.11wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ninjaforms | ninja_forms | * | cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Ninja Forms",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "3.8.6",
"lessThan": "3.8.11"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-7354
2024-09-02 08:15:06
cvelist
cvelist
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
2024-09-02 06:00:01
vulnrichment
vulnrichment
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
2024-09-02 06:00:01
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.6%
Related for CVE-2024-7354