VYPR
Unrated severityNVD Advisory· Published Nov 29, 2021· Updated Aug 3, 2024

Ninja Forms < 3.6.4 - Admin+ SQL Injection

CVE-2021-24889

Description

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.