WordPress Plugin Vulnerabilities

Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) in Import Function security vulnerability.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.3.14

References

URL
https://plugins.trac.wordpress.org/changeset/1931064/ninja-forms

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fd19ade3-4d3b-446e-9b08-7b07b1ec1927

Timeline

Publicly Published
2018-08-27 (about 5 years ago)
Added
2018-08-27 (about 5 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2024-03-01
Title
Ultimate Bootstrap Elements for Elementor < 1.3.7 - Contributor+ Stored XSS
Published
2023-01-25
Title
Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode
Published
2019-06-26
Title
Limb Gallery < 1.4.0 - Reflected Cross-Site Scripting
Published
2022-03-21
Title
WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting
Published
2023-11-28
Title
File Gallery <= 1.8.5.4 - Reflected Cross-Site Scripting via post_id