Descrição
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24705
Tags
Nâo informado
Data de publicação
13/12/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
4.8
Médio