WordPress Plugin Vulnerabilities

Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 2.9.19

References

URL
https://github.com/wpninjas/ninja-forms/issues/747
URL
https://plugins.trac.wordpress.org/changeset/1187015/ninja-forms

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0dc1757f-dbe1-454f-a476-0305aee23fb6

Timeline

Publicly Published
2015-06-05 (about 8 years ago)
Added
2015-07-05 (about 8 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2020-12-04
Title
Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Published
2023-10-22
Title
CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2022-10-24
Title
Traffic Manager <= 1.4.5 - Subscriber+ Stored Cross-Site Scripting
Published
2020-12-12
Title
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
Published
2024-03-26
Title
Email Subscribers & Newsletters < 5.7.12 - Reflected Cross-Site Scripting via campaign_id