Python Script
The CVE Python script exploits the reflected Cross-Site Scripting (XSS) vulnerability CVE-2023-37979 found in the Ninja Forms WordPress plugin. This CVE could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website, where they will be executed when guests visit your site. This vulnerability has been fixed in version 3.6.26.
Nuclei Template
I have created a CVE YAML file as a Nuclei template to detect vulnerable versions of the plugin (version 3.6.25 or lower). Although the vulnerability detection is already available in the Python script, I decided to publish its YAML version for Nuclei fans.
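One way to express the version check described above, as an added example (it is not the author's Python script or Nuclei template). It assumes the installed version is read from the `Stable tag:` line of the plugin's `readme.txt`; the sample readme text is constructed, and the function names are hypothetical.

```python
import re

# First patched release, as stated in the text above.
FIXED_VERSION = (3, 6, 26)

# Constructed sample inputs (not taken from any real site).
SAMPLE_VULNERABLE = """=== Ninja Forms ===
Requires at least: 5.6
Stable tag: 3.6.25
"""
SAMPLE_PATCHED = "=== Ninja Forms ===\nStable tag: 3.6.26\n"
SAMPLE_UNKNOWN = "=== Ninja Forms ===\nStable tag: trunk\n"


def parse_stable_tag(readme_text):
    """Return the 'Stable tag:' version as a tuple of ints, or None."""
    m = re.search(r"^\s*Stable tag:\s*(\S+)", readme_text, re.I | re.M)
    if not m:
        return None
    tag = m.group(1)
    # Accept only dotted numeric versions; "trunk" or suffixed tags are
    # reported as unknown instead of being guessed at.
    if not re.fullmatch(r"\d+(?:\.\d+){0,3}", tag, re.ASCII):
        return None
    nums = [int(p) for p in tag.split(".")]
    nums += [0] * (3 - len(nums))  # pad so "3.7" compares as 3.7.0
    return tuple(nums)


def classify(readme_text):
    """Return 'vulnerable', 'patched' or 'unknown' for a readme.txt body."""
    version = parse_stable_tag(readme_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 3.6.9 < 3.6.26.
    # A plain string comparison would order those two the wrong way.
    return "vulnerable" if version < FIXED_VERSION else "patched"


if __name__ == "__main__":
    samples = [("3.6.25 sample", SAMPLE_VULNERABLE),
               ("3.6.26 sample", SAMPLE_PATCHED),
               ("trunk sample", SAMPLE_UNKNOWN)]
    for name, text in samples:
        print(f"{name}: {classify(text)}")
```

An `unknown` result means the version could not be determined from the readme, not that the site is safe; check the plugin version in the WordPress admin in that case.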