Multiple Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )
Posted onAuthenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 ) Background A Spider Sec Ltd consultant discovered an Authenticated Stored XSS vulnerability inside the Ninja forms WordPress Plugin which could allow attackers to hi-jack administrative cookies if an attack is coupled together with a phishing campaign. Technical Details The following parameters are vulnerable […]