WordPress Plugin Vulnerabilities
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not sanitise and escape the custom class names set on a form field, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Proof of Concept
With the Form Builder "Dev Mode" setting enabled, create a form and a field. Then, under the Display option of the field, add the following payload in the Custom Class Names Container field:

"><img src onerror=alert(/XSS/)>

Save the field and the form, then view or preview the page with the embedded form to trigger the XSS.

https://www.youtube.com/watch?v=Ax8QK5gEBUk
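The flaw class described above, shown as a vulnerable render beside a hardened one. This is an added example, not Ninja Forms code and not the vendor's patch: every function name and the `example-wrap` class are hypothetical, and the sanitiser reproduces the core of WordPress's `sanitize_html_class()` so the script runs without WordPress (inside a plugin, use `sanitize_html_class()` on save and `esc_attr()` on output).

```php
<?php
// Added illustration; all names are hypothetical and not taken from the plugin.

// Core of WordPress's sanitize_html_class(): drop percent-encoded octets,
// then keep only A-Z, a-z, 0-9, '_' and '-'.
function example_sanitize_class_token(string $token): string
{
    $token = preg_replace('/%[a-fA-F0-9]{2}/', '', $token);
    return preg_replace('/[^A-Za-z0-9_-]/', '', $token);
}

// A custom class names setting is a whitespace-separated list, so sanitise
// token by token and discard anything that ends up empty.
function example_sanitize_class_list(string $raw): string
{
    $tokens = preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
    $clean  = array_filter(array_map('example_sanitize_class_token', $tokens), 'strlen');
    return implode(' ', array_unique($clean));
}

// Vulnerable pattern: the stored setting is concatenated into the attribute,
// so a double quote in the value ends the attribute and the rest is markup.
function example_render_unsafe(string $stored): string
{
    return '<div class="example-wrap ' . $stored . '"></div>';
}

// Hardened pattern: sanitise the list, and still escape at output so a value
// stored before the fix (or by another code path) cannot leave the attribute.
function example_render_safe(string $stored): string
{
    $classes = trim('example-wrap ' . example_sanitize_class_list($stored));
    return '<div class="' . htmlspecialchars($classes, ENT_QUOTES, 'UTF-8') . '"></div>';
}

// Constructed inputs: a legitimate value and the string from the proof of concept.
$samples = ['two-col  highlight', '"><img src onerror=alert(/XSS/)>'];
foreach ($samples as $stored) {
    echo 'unsafe: ', example_render_unsafe($stored), PHP_EOL;
    echo 'safe:   ', example_render_safe($stored), PHP_EOL;
}
```

Sanitising on save alone leaves values already stored in the database untouched, which is why the hardened render escapes at output as well.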
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rodel Plasabas
Submitter
Rodel Plasabas
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-09-27
Added
2021-09-27
Last Updated
2022-04-14