The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/eca883d8-9499-4dbd-8fe1-4447fc2ca28a | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/eca883d8-9499-4dbd-8fe1-4447fc2ca28a | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/eca883d8-9499-4dbd-8fe1-4447fc2ca28a - Exploit, Third Party Advisory |
07 Nov 2023, 03:31
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-352 |
Information
Published : 2021-12-13 11:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24705
Mitre link : CVE-2021-24705
CVE.ORG link : CVE-2021-24705
JSON object : View
Products Affected
basixonline
- nex-forms
CWE
No CWE.