CVE-2021-24889 — SQL Injection in Ninja Forms
Severity
7.2HIGHNVD
EPSS
0.6%
top 31.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 29
Latest updateNov 30
Description
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9