Ninja Forms < 3.4.23 - Multiple Authenticated Stored Cross-Site Scripting



Description
Authenticated Stored XSS vulnerabilities in recaptcha_site_key, recaptcha_secret_key, recaptcha_lang and date_format keys.

Affects Plugin

References

CVE 2020-8594
URL https://spider-security.co.uk/blog-cve-cve-2020-8594

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Spider Sec Ltd
Views 2597
Verified No
WPVDB ID 10070

Timeline

Publicly Published 2020-02-03 (18 days ago)
Added 2020-02-14 (6 days ago)
Last Updated 2020-02-15 (5 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin