Print Page - WordPress Ninja Forms plugin <= 3.6.9 - Cross-Site Scripting (XSS) Vulnerability

Title: WordPress Ninja Forms plugin <= 3.6.9 - Cross-Site Scripting (XSS) Vulnerability
Post by: Kailash on Jun 14, 2022, 01:04 AM

WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: Ninja Forms Contact Form
Vulnerable versions: <= 3.6.9
Fixed in: 3.6.10
CVE ID: CVE-2021-25056
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel WordPress Ninja Forms plugin (versions <= 3.6.9).

Solution

Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10).

Plugin Link: https://wordpress.org/plugins/ninja-forms/

WordPress Community Forum

WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 14, 2022, 01:04 AM