WordPress Plugin Vulnerabilities

Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 2.9.52

References

URL
https://sumofpwn.nl/advisory/2016/multiple_cross_site_scripting_vulnerabilities_in_ninja_forms_wordpress_plugin.html
URL
https://seclists.org/bugtraq/2016/Jul/83
URL
https://plugins.trac.wordpress.org/changeset/1456452/ninja-forms

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a495b360-a81f-4d42-a8d4-a74e2c2a7cee

Timeline

Publicly Published
2016-07-19 (about 9 years ago)
Added
2016-07-20 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-28
Title
Stock Ticker < 3.24.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode
Published
2024-02-26
Title
SoundCloud Shortcode < 4.0.2 - Contributor+ Stored XSS
Published
2024-08-08
Title
Gutentor < 3.3.6 - Contributor+ Stored XSS
Published
2025-03-28
Title
WP Posts Carousel < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-17
Title
WP Job Portal < 2.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting