Nicepage regularly releases security patches. Modern versions (6.x+) have significantly hardened file upload and form handling.
Security researchers released a minimal Python script to demonstrate the vulnerability: nicepage 4.5.4 exploit
: Because Nicepage version 4.5.4 was released around February 2022, it is frequently used on older WordPress core versions (such as the 4.5.x branch) which are prone to multiple critical vulnerabilities , including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and potential Remote Code Execution (RCE). Potential Attack Vectors Nicepage regularly releases security patches