Unknown Ninja Forms Contact Form vulnerabilities
3 known vulnerabilities affecting unknown/ninja_forms_contact_form.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-5530MEDIUMCVSS 4.8fixed in 3.6.342023-11-06
CVE-2023-5530 [MEDIUM] CWE-79 CVE-2023-5530: The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label f
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged
cvelistv5nvd
CVE-2023-4109MEDIUMCVSS 4.8fixed in 3.6.262023-08-30
CVE-2023-4109 [MEDIUM] CWE-80 CVE-2023-4109: The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.
cvelistv5nvd
CVE-2023-1835MEDIUMCVSS 6.1PoCfixed in 3.6.222023-05-15
CVE-2023-1835 [MEDIUM] CWE-79 CVE-2023-1835: The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input befo
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
cvelistv5nvd