CVE-2021-36827 Information

Description

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive’s Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via \label.

Reference

https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-contact-form-plugin-3-6-9-authenticated-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/ninja-forms/#developers