Security Advisory

CVE-2021-24705

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-13 10:40:44

Last updated 2024-08-03 19:42:16

Assigner WPScan

State PUBLISHED

Description

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them

← Browse all CVEs View on cve.org ↗