: Ensure any custom forms created with Nicepage are properly validated. Past versions had issues with invalid email content when HTML code was injected into contact forms.
The exploit involves sending a POST request to wp-admin/admin-ajax.php with the action nicepage_upload . nicepage 4160 exploit
Introduced file upload functionality (potential RCE vector). August 2022 : Ensure any custom forms created with Nicepage
:
: Users reported that some versions of the Nicepage plugin allowed unauthorized visibility of sensitive WordPress paths like /wp-admin , which could assist attackers in reconnaissance. which could assist attackers in reconnaissance.