PT-2024-38285 · WordPress · Ninja Forms

Erwan Lr · Published 2024-09-01 · Updated 2024-10-04 · CVE-2024-7354

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.11
Description: The issue is a Reflected Cross-Site Scripting that could be used against high-privilege users such as admins. It occurs because the Ninja Forms WordPress plugin does not escape a URL before outputting it back in an attribute, leading to malicious script execution.
Recommendations: For versions prior to 3.8.11, upgrade the affected plugin immediately to mitigate risks. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
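To illustrate the bug class the description names, here is an added example (hypothetical plugin code, not Ninja Forms' actual source): a request-derived URL echoed unescaped into an href attribute, beside the same output passed through WordPress's esc_url(). The `return` query parameter and the function names are assumptions for the illustration.

```php
<?php
// Hypothetical WordPress plugin code, not Ninja Forms' source.

// Vulnerable pattern: a URL taken from the request is placed straight into an
// attribute. A value containing a quote can close the attribute and start a
// new one, and a non-http scheme is accepted as-is, which is the root cause
// of a reflected XSS of this kind.
function vulnerable_render_link( string $url ): string {
    return '<a href="' . $url . '">Back</a>';
}

// Hardened pattern: esc_url() drops characters that are not valid in a URL
// (including quotes and angle brackets), encodes & and ' for attribute
// context, and returns an empty string when the scheme is not on the
// allowed list (see wp_allowed_protocols()). For attribute values that are
// not URLs, esc_attr() is the matching helper.
function safe_render_link( string $url ): string {
    return '<a href="' . esc_url( $url ) . '">Back</a>';
}

// In a reflected scenario the query string is attacker-controlled, so the
// value must be treated as untrusted at the output sink regardless of any
// earlier handling. wp_unslash() only removes the slashes WordPress adds.
$return_url = isset( $_GET['return'] ) ? wp_unslash( $_GET['return'] ) : '';
echo safe_render_link( $return_url );
```

When reviewing a plugin for this class of defect, search for request-derived values (`$_GET`, `$_REQUEST`, `wp_unslash( $_GET[...] )`) that reach `echo` or string concatenation inside markup without an `esc_url()`/`esc_attr()` call in between.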

Tag: XSS
Related Identifiers: CVE-2024-7354

Affected Products: Ninja Forms