VYPR
Unrated severity · NVD Advisory · Published Dec 13, 2021 · Updated Aug 3, 2024

NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF

CVE-2021-24705

Description

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings, as well as form fields, before outputting them in attributes. This could allow attackers to make a logged-in admin edit arbitrary forms with Cross-Site Scripting payloads in them.

Affected products: 2

References: 1
