WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

As admin, put the following payload in a field label: <img src=x onerror=alert(/XSS/)>

The XSS will be triggered when editing the form, as well as in post/page where the form is embed

Affects Plugins

ninja-forms
Fixed in version 3.6.10

References

CVE
CVE-2021-25056

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Muhammad Adel

Submitter website
https://itsfading.github.io/
Submitter twitter
ItsFadinG_
Verified

Yes

WPVDB ID
795acab2-f621-4662-834b-ebb6205ef7de

Timeline

Publicly Published

2022-06-13 (about 9 months ago)

Added

2022-06-13 (about 9 months ago)

Last Updated

2023-03-13 (about 11 days ago)

Our Other Services

WPScan WordPress Security Plugin