WordPress Plugin Vulnerabilities

Ninja Forms < 3.0.31 - XSS

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.0.31

References

CVE
CVE-2017-18574

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
a7e69d72-5f26-44eb-ae57-ac7f56cdd5d5

Timeline

Publicly Published
2017-03-07 (about 9 years ago)
Added
2019-08-24 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-12-29
Title
PRIMER by chloédigital <= 1.0.25 - Reflected Cross-Site Scripting
Published
2024-12-12
Title
MyParcel < 4.24.2 - Reflected Cross-Site Scripting
Published
2024-05-06
Title
raindrops < 1.700 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-11
Title
Print PDF Generator and Publisher < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-03-16
Title
Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits < 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting