The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ninjaforms
Ninjaforms ninja Forms File Uploads |
|
CPEs | cpe:2.3:a:ninjaforms:ninja_forms_file_uploads:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Ninjaforms
Ninjaforms ninja Forms File Uploads |
Mon, 09 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Saturday Drive
Saturday Drive ninja Forms |
|
CPEs | cpe:2.3:a:saturday_drive:ninja_forms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Saturday Drive
Saturday Drive ninja Forms |
|
Metrics |
ssvc
|
Sat, 07 Sep 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-07T11:17:02.559Z
Updated: 2024-09-09T14:57:31.937Z
Reserved: 2024-02-16T22:13:26.346Z
Link: CVE-2024-1596
Vulnrichment
Updated: 2024-09-09T14:57:27.929Z
NVD
Status : Analyzed
Published: 2024-09-07T12:15:11.017
Modified: 2024-09-26T16:23:08.650
Link: CVE-2024-1596
Redhat
No data.