CVE Published: 04/07/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: Unknown |
Product: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Status : PUBLISHED
CVE-2021-25066 Description
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.