CVE-2020-36173 — Improper Encoding or Escaping of Output in Ninja Forms

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 59.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 6

Latest updateMay 24

Description

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

GHSA

GHSA-m44f-wcwx-2834: The Ninja Forms plugin before 3↗2022-05-24

▶

CVEList

CVE-2020-36173: The Ninja Forms plugin before 3↗2021-01-06

▶