Log out
Get PRO

Latest

Input validation vulnerability in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress 3.6.25

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 7, 2023

The Ninja Forms plugin for WordPress is not secure in versions up to 3.6.25. Attackers who have access to an administrator account can add malicious HTML code to pages which will be executed every time someone visits that page. This is a serious security vulnerability that needs to be addressed.

Detected in:

Ninja Forms – The Contact Form Builder That Grows With You fixed vulnerable versions:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress fixed vulnerable versions: >= * <= 3.6.25

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.