WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import

Description

The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

- Make a test form and then export it to your system.
- Edit the file and enter an XSS payload like "<img src=x onerror=alert('XSS')" inside the title object in the JSON file.
- Go back to the import/export tab and notice that the payload was executed

Affects Plugins

ninja-forms
Fixed in version 3.6.10

References

CVE
CVE-2021-25066

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Muhammad Adel

Submitter website
https://itsfading.github.io
Submitter twitter
ItsFadinG_
Verified

Yes

WPVDB ID
323d5fd0-abe8-44ef-9127-eea6fd4f3f3d

Timeline

Publicly Published

2022-06-10 (about 9 months ago)

Added

2022-06-13 (about 9 months ago)

Last Updated

2023-03-13 (about 15 days ago)

Our Other Services

WPScan WordPress Security Plugin