Uncategorized

Multiple Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )

Posted on

Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )   Background A Spider Sec Ltd consultant discovered an Authenticated Stored XSS vulnerability inside the Ninja forms WordPress Plugin which could allow attackers to hi-jack administrative cookies if an attack is coupled together with a phishing campaign.   Technical Details The following parameters are vulnerable […]