Unrated severityNVD Advisory· Published Dec 13, 2021· Updated Aug 3, 2024
NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
CVE-2021-24705
Description
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/NEX-Formsdescription
- Range: <8.4.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/eca883d8-9499-4dbd-8fe1-4447fc2ca28amitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.