CVE-2024-50514

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 79

Summary

CVE-2024-50514 is a Cross-site Scripting (XSS) vulnerability affecting Ninja Forms, a popular WordPress plugin. The flaw, which allows Stored XSS attacks, exists due to improper neutralization of user input during web page generation. This issue can be exploited by malicious actors to inject malicious scripts into a targeted website, potentially stealing user data or taking control of user sessions. The vulnerability affects Ninja Forms versions from n/a through 3.8.16. Users are urged to update to the latest patch to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share