CVE Details
Basic Information
| Title |
CVE-2025-2524 |
| Type |
cve |
| Published |
2025-05-19T06:15:19 |
| Last Seen |
2025-05-19T06:22:27 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
The Ninja Forms WordPress plugin before version 3.10.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization and escaping of certain settings. This allows high-privileged users, such as administrators, to inject malicious scripts into the plugin’s settings, potentially compromising other users’ sessions or stealing sensitive information. |
| AI Severity |
Medium |
| Vendor |
WordPress Community |
| Product |
Ninja Forms |
| Affected Version |
<3.10.1 |
Additional Information
| CVE List |
CVE-2025-2524 |
| CWE List |
|
| Bulletin Family |
cve |
Description
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
