Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
CVE-2023-4109

4.8MEDIUM

Key Information:

Vendor
Wordpress
Status
Ninja Forms Contact Form
Vendor
CVE Published:
30 August 2023

Summary

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.

Affected Version(s)

Ninja Forms Contact Form 0 < 3.6.26

References

https://wpscan.com/vulnerability/558e06ab-704b-4bb1-ba7f-...
exploitvdb-entrytechnical-description

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sayandeep Dutta
WPScan
.