wpvulndb WPVDB-ID:FD00A14B-3016-487D-94A9-27716B925440
Mar 08, 2022 - 12:00 a.m.

Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting

2022-03-08 00:00:00
wpscan.com
ninja forms
file uploads
extension
unauthenticated
stored
cross-site scripting
sanitization
ajax
controllers
wordpress

EPSS: 0.001
Percentile: 35.5%

The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the files filename parameter in the ~/includes/ajax/controllers/uploads.php file, which unauthenticated attackers can use to add malicious web scripts to vulnerable WordPress sites.
