A vulnerability in Ninja Forms allowed unescaped form field values to be displayed in the WordPress admin. This created a risk of stored Cross-Site Scripting (XSS), where a malicious actor could inject harmful JavaScript into form data.

This vulnerability affects the following application versions:

  • Ninja Forms – The Contact Form Builder 3.8.6
  • Ninja Forms – The Contact Form Builder 3.8.7
  • Ninja Forms – The Contact Form Builder 3.8.8
  • Ninja Forms – The Contact Form Builder 3.8.9
  • Ninja Forms – The Contact Form Builder 3.8.10
  • Ninja Forms – The Contact Form Builder 3.8.11
  • Ninja Forms – The Contact Form Builder 3.8.12
  • Ninja Forms – The Contact Form Builder 3.8.13
  • Ninja Forms – The Contact Form Builder 3.8.14
  • Ninja Forms – The Contact Form Builder 3.8.15
  • Ninja Forms – The Contact Form Builder 3.8.16
  • Ninja Forms – The Contact Form Builder 3.8.17
  • Ninja Forms – The Contact Form Builder 3.8.18
  • Ninja Forms – The Contact Form Builder 3.8.19
  • Ninja Forms – The Contact Form Builder 3.8.20
  • Ninja Forms – The Contact Form Builder 3.8.21
  • Ninja Forms – The Contact Form Builder 3.8.22
  • Ninja Forms – The Contact Form Builder 3.8.23
  • Ninja Forms – The Contact Form Builder 3.8.24
  • Ninja Forms – The Contact Form Builder 3.8.25
  • Ninja Forms – The Contact Form Builder 3.8.25.1
  • Ninja Forms – The Contact Form Builder 3.9.0
  • Ninja Forms – The Contact Form Builder 3.9.1
  • Ninja Forms – The Contact Form Builder 3.9.2
  • Ninja Forms – The Contact Form Builder 3.9.2.1
  • Ninja Forms – The Contact Form Builder 3.10.0
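
The pattern described above, next to its hardened form, as an added example (this is not Ninja Forms source code). The function names, the sample submission and the use of PHP's `htmlspecialchars()` in place of WordPress's `esc_html()`/`esc_attr()` are assumptions made so the script runs without WordPress loaded.

```php
<?php
// Added illustration; not code from the Ninja Forms plugin.
// htmlspecialchars() stands in for WordPress's esc_html()/esc_attr().

// Constructed submission: values exactly as a site visitor could have typed them.
$submission = [
    'name'    => '<script>alert(1)</script>',
    'email'   => 'visitor@example.test',
    'message' => 'Quote " and <b>bold</b> & ampersand',
];

// Escape for HTML text and for double-quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The risky pattern: a stored value is echoed into the admin page as-is.
function render_row_unescaped(string $label, string $value): string
{
    return "<tr><th>$label</th><td title=\"$value\">$value</td></tr>";
}

// Hardened: every dynamic piece is escaped at the point of output.
function render_row_escaped(string $label, string $value): string
{
    return sprintf(
        '<tr><th>%s</th><td title="%s">%s</td></tr>',
        h($label), h($value), h($value)
    );
}

// The template itself contributes three opening tags (tr, th, td);
// any more means a stored value would be parsed as markup by the browser.
function count_tag_openers(string $html): int
{
    return (int) preg_match_all('/<[a-z]/i', $html);
}

foreach ($submission as $label => $value) {
    printf(
        "%-8s unescaped: %d tag openers, escaped: %d\n",
        $label,
        count_tag_openers(render_row_unescaped($label, $value)),
        count_tag_openers(render_row_escaped($label, $value))
    );
}
```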
