Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)



Description
Authenticated Stored XSS vulnerabilities in recaptcha_site_key, recaptcha_secret_key, recaptcha_lang and date_format keys, which can be performed via CSRF attacks.

Affects Plugin

References

CVE 2020-8594
URL https://spider-security.co.uk/blog-cve-cve-2020-8594

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Spider Sec Ltd
Views 5032
Verified No
WPVDB ID 10070

Timeline

Publicly Published 2020-02-03 (4 months ago)
Added 2020-02-14 (4 months ago)
Last Updated 2020-05-04 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin