Vulnerabilities > CVE-2021-24889 - Unspecified vulnerability in Ninjaforms Ninja Forms

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ninjaforms

Summary

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

Vulnerable Configurations

Part Description Count
Application
Ninjaforms
291