Version 4.12 introduced "File Upload in Contact Forms". In early iterations of this feature, improper sanitization can lead to Remote Code Execution (RCE)

Description. To reproduce this error. Here is the process. Install Nicepage plugin (https://nicepage.com/doc/1323/getting-started- NicepageApp/Nicepage - GitHub

Authenticated attackers with admin privileges can inject arbitrary scripts into pages, which execute when other users view them. 4. Recommendations for Nicepage Users

Nicepage 4160 | Exploit

Version 4.12 introduced "File Upload in Contact Forms". In early iterations of this feature, improper sanitization can lead to Remote Code Execution (RCE)

Description. To reproduce this error. Here is the process. Install Nicepage plugin (https://nicepage.com/doc/1323/getting-started- NicepageApp/Nicepage - GitHub nicepage 4160 exploit

Authenticated attackers with admin privileges can inject arbitrary scripts into pages, which execute when other users view them. 4. Recommendations for Nicepage Users Version 4