Authenticated admins can inject malicious scripts into settings, executed on affected pages for other users.
This vulnerability affects the following application versions:
- Ninja Forms – The Contact Form Builder 3.8.6
- Ninja Forms – The Contact Form Builder 3.8.7
- Ninja Forms – The Contact Form Builder 3.8.8
- Ninja Forms – The Contact Form Builder 3.8.9
- Ninja Forms – The Contact Form Builder 3.8.10
- Ninja Forms – The Contact Form Builder 3.8.11
- Ninja Forms – The Contact Form Builder 3.8.12
- Ninja Forms – The Contact Form Builder 3.8.13
- Ninja Forms – The Contact Form Builder 3.8.14
- Ninja Forms – The Contact Form Builder 3.8.15
- Ninja Forms – The Contact Form Builder 3.8.16
- Ninja Forms – The Contact Form Builder 3.8.17