The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
References
Link | Resource |
---|---|
https://wordpress.org/plugins/ninja-forms/#developers | Vendor Advisory |
https://spider-security.co.uk/blog-cve-cve-2020-8594 | Exploit Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10070 | Third Party Advisory |
Configurations
Information
Published : 2020-02-14 12:15
Updated : 2020-02-18 07:26
NVD link : CVE-2020-8594
Mitre link : CVE-2020-8594
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
ninjaforms
- ninja_forms